diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn
index 0ffbb03551..4adf09ac5a 100644
--- a/.acrolinx-config.edn
+++ b/.acrolinx-config.edn
@@ -4,15 +4,14 @@
:targets
{
:counts {
- ;;:spelling 10
- ;;:grammar 3
+ ;;:correctness 13
;;:total 15 ;; absolute flag count but i don't know the difference between this and issues
;;:issues 15 ;; coming from the platform, will need to be tested.
}
:scores {
;;:terminology 100
:qualityscore 80 ;; Confirmed with Hugo that you just comment out the single score and leave the structure in place
- ;;:spelling 40
+ ;;:correctness 40
}
}
@@ -22,7 +21,7 @@
{
"languageId" "en"
"ruleSetName" "Standard"
- "requestedFlagTypes" ["SPELLING" "GRAMMAR" "STYLE"
+ "requestedFlagTypes" ["CORRECTNESS" "SPELLING" "GRAMMAR" "STYLE"
"TERMINOLOGY_DEPRECATED"
"TERMINOLOGY_VALID"
"VOICE_GUIDANCE"
@@ -35,7 +34,7 @@
"
## Acrolinx Scorecards
-**The minimum Acrolinx topic score of 80 is required for all MARVEL content merged to the default branch.**
+**The minimum Acrolinx topic score of 80 is required for all MAGIC content merged to the default branch.**
If you need a scoring exception for content in this PR, add the *Sign off* and the *Acrolinx exception* labels to the PR. The PubOps Team will review the exception request and may take one or more of the following actions:
@@ -47,12 +46,12 @@ For more information about the exception criteria and exception process, see [Mi
Click the scorecard links for each article to review the Acrolinx feedback on grammar, spelling, punctuation, writing style, and terminology:
-| Article | Score | Issues | Correctness issues | Scorecard | Processed |
+| Article | Score | Issues | Correctness score | Scorecard | Processed |
| ------- | ----- | ------ | ------ | --------- | --------- |
"
:template-change
- "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | ${acrolinx/flags/correctness} | [link](${acrolinx/scorecard}) | ${s/status} |
+ "| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | ${acrolinx/scores/correctness} | [link](${acrolinx/scorecard}) | ${s/status} |
"
:template-footer
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000000..f4d8be3a0a
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,39 @@
+
+
+
+## Why
+
+
+
+- Closes #[Issue Number]
+
+## Changes
+
+
+
+
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index afe30ff75b..ff9d5d5c7e 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -1,269 +1,279 @@
{
"redirections": [
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md",
+ "redirect_url": "/windows/security/windows/security/identity-protection/hello-for-business/webauthn-apis",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/application-management/manage-windows-mixed-reality.md",
+ "redirect_url": "/windows/mixed-reality/enthusiast-guide/manage-windows-mixed-reality",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/client-management/mdm/browserfavorite-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-10-mobile-security-guide.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/windowssecurityauditing-ddf-file.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/windowssecurityauditing-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/remotelock-ddf-file.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/remotelock-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/registry-ddf-file.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/registry-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/maps-ddf-file.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/maps-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/hotspot-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/filesystem-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-ddf.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseext-ddf.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseext-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseassignedaccess-xsd.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseassignedaccess-ddf.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseassignedaccess-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md",
"redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/deviceinstanceservice-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
- },
+ "redirect_document_id": false
+ },
{
"source_path": "windows/client-management/mdm/cm-proxyentries-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
- },
+ "redirect_document_id": false
+ },
{
"source_path": "windows/client-management/mdm/bootstrap-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
- },
+ "redirect_document_id": false
+ },
{
"source_path": "windows/configuration/wcd/wcd-textinput.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
- },
+ "redirect_document_id": false
+ },
{
"source_path": "windows/configuration/wcd/wcd-shell.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
- },
+ "redirect_document_id": false
+ },
{
"source_path": "windows/configuration/wcd/wcd-rcspresence.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
- },
+ "redirect_document_id": false
+ },
{
"source_path": "windows/configuration/wcd/wcd-otherassets.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
- },
+ "redirect_document_id": false
+ },
{
"source_path": "windows/configuration/wcd/wcd-nfc.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-multivariant.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-modemconfigurations.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-messaging.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-internetexplorer.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-initialsetup.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-deviceinfo.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-calling.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-callandmessagingenhancement.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-automatictime.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-theme.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-embeddedlockdownprofiles.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/mobile-devices/configure-mobile.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/mobile-devices/lockdown-xml.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/mobile-devices/mobile-lockdown-designer.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/mobile-devices/provisioning-configure-mobile.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/mobile-devices/provisioning-nfc.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/mobile-devices/provisioning-package-splitter.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/mobile-devices/settings-that-can-be-locked-down.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/mobile-devices/start-layout-xml-mobile.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/whats-new/windows-11.md",
"redirect_url": "/windows/whats-new/windows-11-whats-new",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/configuration/use-json-customize-start-menu-windows.md",
"redirect_url": "/windows/configuration/customize-start-menu-layout-windows-11",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/application-management/msix-app-packaging-tool.md",
"redirect_url": "/windows/application-management/apps-in-windows-10",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "browsers/edge/about-microsoft-edge.md",
@@ -490,12 +500,12 @@
"redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-exploit-protection-mitigations",
"redirect_document_id": false
},
- {
+ {
"source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/ios-privacy",
"redirect_document_id": false
},
- {
+ {
"source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/ios-privacy",
"redirect_document_id": false
@@ -2105,7 +2115,7 @@
"redirect_url": "/microsoft-365/security/defender-endpoint/manage-edr",
"redirect_document_id": false
},
- {
+ {
"source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-edrmanage-edr.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response",
"redirect_document_id": false
@@ -2275,7 +2285,7 @@
"redirect_url": "/microsoft-365/security/defender-endpoint/powerbi-reports",
"redirect_document_id": false
},
- {
+ {
"source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/api-power-bi",
"redirect_document_id": false
@@ -2455,7 +2465,7 @@
"redirect_url": "/microsoft-365/security/defender-endpoint/supported-response-apis",
"redirect_document_id": false
},
- {
+ {
"source_path": "windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-list",
"redirect_document_id": false
@@ -2806,9 +2816,9 @@
"redirect_document_id": false
},
{
- "source_path": "windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md",
- "redirect_url": "/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus",
- "redirect_document_id": false
+ "source_path": "windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md",
+ "redirect_url": "/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus",
+ "redirect_document_id": false
},
{
"source_path": "windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md",
@@ -14356,9 +14366,9 @@
"redirect_document_id": false
},
{
- "source_path": "store-for-business/manage-mpsa-software-microsoft-store-for-business.md",
- "redirect_url": "/microsoft-store/index",
- "redirect_document_id": false
+ "source_path": "store-for-business/manage-mpsa-software-microsoft-store-for-business.md",
+ "redirect_url": "/microsoft-store/index",
+ "redirect_document_id": false
},
{
"source_path": "windows/manage/reset-a-windows-10-mobile-device.md",
@@ -16090,7 +16100,7 @@
"redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac",
"redirect_document_id": false
},
- {
+ {
"source_path": "windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac",
"redirect_document_id": false
@@ -16510,7 +16520,7 @@
"redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction",
"redirect_document_id": false
},
- {
+ {
"source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/gov",
"redirect_document_id": false
@@ -18889,7 +18899,7 @@
"source_path": "windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint",
"redirect_document_id": false
- },
+ },
{
"source_path": "windows/security/threat-protection/change-history-for-threat-protection.md",
"redirect_url": "/windows/security/threat-protection",
@@ -19189,7 +19199,7 @@
"source_path": "windows/security/threat-protection/device-control/control-usb-devices-using-intune.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/control-usb-devices-using-intune",
"redirect_document_id": false
- },
+ },
{
"source_path": "windows/security/threat-protection/device-control/device-control-report.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/device-control-report",
@@ -19204,12 +19214,12 @@
"source_path": "windows/security/threat-protection/intelligence/ransomware-malware.md",
"redirect_url": "/security/compass/human-operated-ransomware",
"redirect_document_id": false
- },
+ },
{
"source_path": "windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows",
"redirect_document_id": false
- },
+ },
{
"source_path": "windows/security/identity-protection/change-history-for-access-protection.md",
"redirect_url": "/windows/security/",
@@ -19284,26 +19294,26 @@
"source_path": "windows/deployment/update/change-history-for-update-windows-10.md",
"redirect_url": "/windows/deployment/deploy-whats-new",
"redirect_document_id": true
- },
+ },
{
"source_path": "windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md",
"redirect_url": "/windows/client-management/mdm/policy-csp-admx-wordwheel",
"redirect_document_id": true
- },
- {
- "source_path": "windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md",
- "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings",
- "redirect_document_id": true
- },
- {
- "source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md",
- "redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools",
- "redirect_document_id": true
},
{
- "source_path": "windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md",
- "redirect_url": "/legal/windows/license-terms-windows-diagnostic-data-for-powershell",
- "redirect_document_id": false
+ "source_path": "windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md",
+ "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md",
+ "redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md",
+ "redirect_url": "/legal/windows/license-terms-windows-diagnostic-data-for-powershell",
+ "redirect_document_id": false
},
{
"source_path": "windows/privacy/windows-endpoints-1709-non-enterprise-editions.md",
@@ -19325,185 +19335,185 @@
"redirect_url": "/windows/privacy/manage-windows-21h2-endpoints",
"redirect_document_id": false
},
- {
- "source_path": "windows/whats-new/windows-11-whats-new.md",
- "redirect_url": "/windows/whats-new/windows-11-overview",
- "redirect_document_id": false
+ {
+ "source_path": "windows/whats-new/windows-11-whats-new.md",
+ "redirect_url": "/windows/whats-new/windows-11-overview",
+ "redirect_document_id": false
},
- {
- "source_path": "windows/deployment/update/waas-delivery-optimization.md",
- "redirect_url": "/windows/deployment/do/waas-delivery-optimization",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/deployment/update/delivery-optimization-proxy.md",
- "redirect_url": "/windows/deployment/do/delivery-optimization-proxy",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/deployment/update/delivery-optimization-workflow.md",
- "redirect_url": "/windows/deployment/do/delivery-optimization-workflow",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/deployment/update/waas-delivery-optimization-reference.md",
- "redirect_url": "/windows/deployment/do/waas-delivery-optimization-reference",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/deployment/update/waas-delivery-optimization-setup.md",
- "redirect_url": "/windows/deployment/do/waas-delivery-optimization-setup",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/deployment/update/waas-optimize-windows-10.md",
- "redirect_url": "/windows/deployment/do/waas-optimize-windows-10",
- "redirect_document_id": false
+ {
+ "source_path": "windows/deployment/update/waas-delivery-optimization.md",
+ "redirect_url": "/windows/deployment/do/waas-delivery-optimization",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/delivery-optimization-proxy.md",
+ "redirect_url": "/windows/deployment/do/delivery-optimization-proxy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/delivery-optimization-workflow.md",
+ "redirect_url": "/windows/deployment/do/delivery-optimization-workflow",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/waas-delivery-optimization-reference.md",
+ "redirect_url": "/windows/deployment/do/waas-delivery-optimization-reference",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/waas-delivery-optimization-setup.md",
+ "redirect_url": "/windows/deployment/do/waas-delivery-optimization-setup",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/waas-optimize-windows-10.md",
+ "redirect_url": "/windows/deployment/do/waas-optimize-windows-10",
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/coinminer-malware.md",
"redirect_url": "/microsoft-365/security/intelligence/coinminer-malware",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/coordinated-malware-eradication.md",
"redirect_url": "/microsoft-365/security/intelligence/coordinated-malware-eradication",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/criteria.md",
"redirect_url": "/microsoft-365/security/intelligence/criteria",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md",
"redirect_url": "/microsoft-365/security/intelligence/cybersecurity-industry-partners",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/developer-faq.yml",
"redirect_url": "/microsoft-365/security/intelligence/developer-faq",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/developer-resources.md",
"redirect_url": "/microsoft-365/security/intelligence/developer-resources",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/exploits-malware.md",
"redirect_url": "/microsoft-365/security/intelligence/exploits-malware",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/fileless-threats.md",
"redirect_url": "/microsoft-365/security/intelligence/fileless-threats",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/macro-malware.md",
"redirect_url": "/microsoft-365/security/intelligence/macro-malware",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/malware-naming.md",
"redirect_url": "/microsoft-365/security/intelligence/malware-naming",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/phishing-trends.md",
"redirect_url": "/microsoft-365/security/intelligence/phishing-trends",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/phishing.md",
"redirect_url": "/microsoft-365/security/intelligence/phishing",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md",
"redirect_url": "/microsoft-365/security/intelligence/portal-submission-troubleshooting",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/prevent-malware-infection.md",
"redirect_url": "/microsoft-365/security/intelligence/prevent-malware-infection",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/rootkits-malware.md",
"redirect_url": "/microsoft-365/security/intelligence/rootkits-malware.md",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/safety-scanner-download.md",
"redirect_url": "/microsoft-365/security/intelligence/safety-scanner-download",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/submission-guide.md",
"redirect_url": "/microsoft-365/security/intelligence/submission-guide",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/supply-chain-malware.md",
"redirect_url": "/microsoft-365/security/intelligence/supply-chain-malware",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/support-scams.md",
"redirect_url": "/microsoft-365/security/intelligence/support-scams",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/trojans-malware.md",
"redirect_url": "/microsoft-365/security/intelligence/trojans-malware",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/understanding-malware.md",
"redirect_url": "/microsoft-365/security/intelligence/understanding-malware",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/unwanted-software.md",
"redirect_url": "/microsoft-365/security/intelligence/unwanted-software",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md",
"redirect_url": "/microsoft-365/security/intelligence/virus-information-alliance-criteria",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/virus-initiative-criteria.md",
"redirect_url": "/microsoft-365/security/intelligence/virus-initiative-criteria",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/worms-malware.md",
"redirect_url": "/microsoft-365/security/intelligence/worms-malware",
- "redirect_document_id": false
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/microsoft-bug-bounty-program.md",
"redirect_url": "/microsoft-365/security/intelligence/microsoft-bug-bounty-program",
- "redirect_document_id": false
+ "redirect_document_id": false
},
- {
- "source_path": "windows/deployment/update/waas-microsoft-connected-cache.md",
- "redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache",
- "redirect_document_id": false
+ {
+ "source_path": "windows/deployment/update/waas-microsoft-connected-cache.md",
+ "redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache",
+ "redirect_document_id": false
},
- {
- "source_path": "education/itadmins.yml",
- "redirect_url": "/education",
- "redirect_document_id": false
+ {
+ "source_path": "education/itadmins.yml",
+ "redirect_url": "/education",
+ "redirect_document_id": false
},
- {
- "source_path": "education/partners.yml",
- "redirect_url": "/education",
- "redirect_document_id": false
+ {
+ "source_path": "education/partners.yml",
+ "redirect_url": "/education",
+ "redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/security-compliance-toolkit-10.md",
@@ -19520,120 +19530,545 @@
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
"redirect_document_id": false
},
- {
- "source_path": "education/developers.yml",
- "redirect_url": "/education",
- "redirect_document_id": false
+ {
+ "source_path": "education/developers.yml",
+ "redirect_url": "/education",
+ "redirect_document_id": false
},
- {
+ {
"source_path": "windows/client-management/mdm/enterpriseappmanagement-csp.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/client-management/mdm/messaging-ddf.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/client-management/mdm/messaging-csp.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/client-management/mdm/policymanager-csp.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/client-management/mdm/proxy-csp.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/client-management/img-boot-sequence.md",
"redirect_url": "/windows/client-management/advanced-troubleshooting-boot-problems#boot-sequence",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md",
"redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "education/windows/get-minecraft-device-promotion.md",
"redirect_url": "/education/windows/get-minecraft-for-education",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "smb/cloud-mode-business-setup.md",
"redirect_url": "https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "smb/index.md",
"redirect_url": "https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/whats-new/contribute-to-a-topic.md",
"redirect_url": "https://github.com/MicrosoftDocs/windows-itpro-docs/blob/public/CONTRIBUTING.md#editing-windows-it-professional-documentation",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/deployment/update/waas-delivery-optimization-faq.md",
"redirect_url": "/windows/deployment/do/waas-delivery-optimization-faq",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/security/identity-protection/access-control/security-identifiers.md",
"redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-identifiers",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/security/identity-protection/access-control/security-principals.md",
"redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-principals",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/security/identity-protection/access-control/active-directory-accounts.md",
"redirect_url": "/windows-server/identity/ad-ds/manage/understand-default-user-accounts",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/security/identity-protection/access-control/microsoft-accounts.md",
"redirect_url": "/windows-server/identity/ad-ds/manage/understand-microsoft-accounts",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/security/identity-protection/access-control/service-accounts.md",
"redirect_url": "/windows-server/identity/ad-ds/manage/understand-service-accounts",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/security/identity-protection/access-control/active-directory-security-groups.md",
"redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-groups",
"redirect_document_id": false
- },
- {
+ },
+ {
"source_path": "windows/security/identity-protection/access-control/special-identities.md",
"redirect_url": "/windows-server/identity/ad-ds/manage/understand-special-identities-groups",
"redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/access-control/dynamic-access-control.md",
- "redirect_url": "/windows-server/identity/solution-guides/dynamic-access-control-overview",
- "redirect_document_id": false
- }
+ },
+ {
+ "source_path": "windows/security/identity-protection/access-control/dynamic-access-control.md",
+ "redirect_url": "/windows-server/identity/solution-guides/dynamic-access-control-overview",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/windows-10-accessibility-for-ITPros.md",
+ "redirect_url": "/windows/configuration/windows-accessibility-for-ITPros",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "education/windows/take-a-test-multiple-pcs.md",
+ "redirect_url": "/education/windows/edu-take-a-test-kiosk-mode",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "education/windows/take-a-test-single-pc.md",
+ "redirect_url": "/education/windows/take-tests-in-windows",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "education/windows/take-tests-in-windows-10.md",
+ "redirect_url": "/education/windows/take-tests-in-windows",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "education/windows/change-history-edu.md",
+ "redirect_url": "/education/windows",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/change-history-for-mdm-documentation.md",
+ "redirect_url": "/windows/client-management/change-history-for-mdm-documentation",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md",
+ "redirect_url": "/windows/client-management/add-an-azure-ad-tenant-and-azure-ad-subscription",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/appv-deploy-and-config.md",
+ "redirect_url": "/windows/client-management/appv-deploy-and-config",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/configuration-service-provider-reference.md",
+ "redirect_url": "/windows/client-management/mdm/index",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/assign-seats.md",
+ "redirect_url": "/windows/client-management/assign-seats",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/azure-active-directory-integration-with-mdm.md",
+ "redirect_url": "/windows/client-management/azure-active-directory-integration-with-mdm",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md",
+ "redirect_url": "/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md",
+ "redirect_url": "/windows/client-management/bulk-assign-and-reclaim-seats-from-user",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md",
+ "redirect_url": "/windows/client-management/bulk-enrollment-using-windows-provisioning-tool",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/certificate-authentication-device-enrollment.md",
+ "redirect_url": "/windows/client-management/certificate-authentication-device-enrollment",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/certificate-renewal-windows-mdm.md",
+ "redirect_url": "/windows/client-management/certificate-renewal-windows-mdm",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/config-lock.md",
+ "redirect_url": "/windows/client-management/config-lock",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/data-structures-windows-store-for-business.md",
+ "redirect_url": "/windows/client-management/data-structures-windows-store-for-business",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/device-update-management.md",
+ "redirect_url": "/windows/client-management/device-update-management",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md",
+ "redirect_url": "/windows/client-management/diagnose-mdm-failures-in-windows-10",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md",
+ "redirect_url": "/windows/client-management/disconnecting-from-mdm-unenrollment",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/dmprocessconfigxmlfiltered.md",
+ "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md",
+ "redirect_url": "/windows/client-management/enable-admx-backed-policies-in-mdm",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md",
+ "redirect_url": "/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/enterprise-app-management.md",
+ "redirect_url": "/windows/client-management/enterprise-app-management",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/esim-enterprise-management.md",
+ "redirect_url": "/windows/client-management/esim-enterprise-management",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/federated-authentication-device-enrollment.md",
+ "redirect_url": "/windows/client-management/federated-authentication-device-enrollment",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/get-inventory.md",
+ "redirect_url": "/windows/client-management/get-inventory",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/get-localized-product-details.md",
+ "redirect_url": "/windows/client-management/get-localized-product-details",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/get-offline-license.md",
+ "redirect_url": "/windows/client-management/get-offline-license",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/get-product-details.md",
+ "redirect_url": "/windows/client-management/get-product-details",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/get-product-package.md",
+ "redirect_url": "/windows/client-management/get-product-package",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/get-product-packages.md",
+ "redirect_url": "/windows/client-management/get-product-packages",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/get-seat.md",
+ "redirect_url": "/windows/client-management/get-seat",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/get-seats-assigned-to-a-user.md",
+ "redirect_url": "/windows/client-management/get-seats-assigned-to-a-user",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/get-seats.md",
+ "redirect_url": "/windows/client-management/get-seats",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/implement-server-side-mobile-application-management.md",
+ "redirect_url": "/windows/client-management/implement-server-side-mobile-application-management",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/management-tool-for-windows-store-for-business.md",
+ "redirect_url": "/windows/client-management/management-tool-for-windows-store-for-business",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/mdm-enrollment-of-windows-devices.md",
+ "redirect_url": "/windows/client-management/mdm-enrollment-of-windows-devices",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/mdm-overview.md",
+ "redirect_url": "/windows/client-management/mdm-overview",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/mobile-device-enrollment.md",
+ "redirect_url": "/windows/client-management/mobile-device-enrollment",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md",
+ "redirect_url": "/windows/client-management/new-in-windows-mdm-enrollment-management",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/oma-dm-protocol-support.md",
+ "redirect_url": "/windows/client-management/oma-dm-protocol-support",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/on-premise-authentication-device-enrollment.md",
+ "redirect_url": "/windows/client-management/on-premise-authentication-device-enrollment",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/push-notification-windows-mdm.md",
+ "redirect_url": "/windows/client-management/push-notification-windows-mdm",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/reclaim-seat-from-user.md",
+ "redirect_url": "/windows/client-management/reclaim-seat-from-user",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md",
+ "redirect_url": "/windows/client-management/register-your-free-azure-active-directory-subscription",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/rest-api-reference-windows-store-for-business.md",
+ "redirect_url": "/windows/client-management/rest-api-reference-windows-store-for-business",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/server-requirements-windows-mdm.md",
+ "redirect_url": "/windows/client-management/server-requirements-windows-mdm",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md",
+ "redirect_url": "/windows/client-management/structure-of-oma-dm-provisioning-files",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/understanding-admx-backed-policies.md",
+ "redirect_url": "/windows/client-management/understanding-admx-backed-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md",
+ "redirect_url": "/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md",
+ "redirect_url": "/windows/client-management/win32-and-centennial-app-policy-configuration",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/windows-mdm-enterprise-settings.md",
+ "redirect_url": "/windows/client-management/windows-mdm-enterprise-settings",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/wmi-providers-supported-in-windows.md",
+ "redirect_url": "/windows/client-management/wmi-providers-supported-in-windows",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/advanced-troubleshooting-802-authentication.md",
+ "redirect_url": "/troubleshoot/windows-client/networking/802-1x-authentication-issues-troubleshooting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/advanced-troubleshooting-boot-problems.md",
+ "redirect_url": "/troubleshoot/windows-client/performance/windows-boot-issues-troubleshooting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md",
+ "redirect_url": "/troubleshoot/windows-client/networking/wireless-network-connectivity-issues-troubleshooting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/data-collection-for-802-authentication.md",
+ "redirect_url": "/troubleshoot/windows-client/networking/data-collection-for-troubleshooting-802-1x-authentication-issues",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/determine-appropriate-page-file-size.md",
+ "redirect_url": "/troubleshoot/windows-client/performance/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/generate-kernel-or-complete-crash-dump.md",
+ "redirect_url": "/troubleshoot/windows-client/performance/generate-a-kernel-or-complete-crash-dump",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/introduction-page-file.md",
+ "redirect_url": "/troubleshoot/windows-client/performance/introduction-to-the-page-file",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/system-failure-recovery-options.md",
+ "redirect_url": "/troubleshoot/windows-client/performance/configure-system-failure-and-recovery-options",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/troubleshoot-event-id-41-restart.md",
+ "redirect_url": "/troubleshoot/windows-client/performance/event-id-41-restart",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/troubleshoot-inaccessible-boot-device.md",
+ "redirect_url": "/troubleshoot/windows-client/performance/stop-error-7b-or-inaccessible-boot-device-troubleshooting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/troubleshoot-networking.md",
+ "redirect_url": "/troubleshoot/windows-client/networking/networking-overview",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md",
+ "redirect_url": "/troubleshoot/windows-client/performance/stop-error-broadcom-network-driver-update",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/troubleshoot-stop-errors.md",
+ "redirect_url": "/troubleshoot/windows-client/performance/stop-error-or-blue-screen-error-troubleshooting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/troubleshoot-tcpip-connectivity.md",
+ "redirect_url": "/troubleshoot/windows-client/networking/tcp-ip-connectivity-issues-troubleshooting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/troubleshoot-tcpip-netmon.md",
+ "redirect_url": "/troubleshoot/windows-client/networking/collect-data-using-network-monitor",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/troubleshoot-tcpip-port-exhaust.md",
+ "redirect_url": "/troubleshoot/windows-client/networking/tcp-ip-port-exhaustion-troubleshooting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/troubleshoot-tcpip-rpc-errors.md",
+ "redirect_url": "/troubleshoot/windows-client/networking/rpc-errors-troubleshooting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/troubleshoot-tcpip.md",
+ "redirect_url": "/troubleshoot/windows-client/networking/networking-overview",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/troubleshoot-windows-freeze.md",
+ "redirect_url": "/troubleshoot/windows-client/performance/windows-based-computer-freeze-troubleshooting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/troubleshoot-windows-startup.md",
+ "redirect_url": "/troubleshoot/windows-client/performance/windows-startup-issues-troubleshooting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/windows-10-support-solutions.md",
+ "redirect_url": "/troubleshoot/windows-client/welcome-windows-client",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "education/windows/set-up-school-pcs-shared-pc-mode.md",
+ "redirect_url": "/windows/configuration/set-up-shared-or-guest-pc",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/windows-update-errors.md",
+ "redirect_url": "/troubleshoot/windows-client/deployment/common-windows-update-errors?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/windows-update-resources.md",
+ "redirect_url": "/troubleshoot/windows-client/deployment/additional-resources-for-windows-update",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/windows-update-troubleshooting.md",
+ "redirect_url": "/troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/upgrade/quick-fixes.md",
+ "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/upgrade/resolution-procedures.md",
+ "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/upgrade/troubleshoot-upgrade-errors.md",
+ "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/upgrade/upgrade-error-codes.md",
+ "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
+ "redirect_document_id": false
+ }
]
-}
+}
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 3bf0503686..e7397c36cc 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,8 +1,6 @@
# Editing Windows IT professional documentation
-Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our docs.
-This page covers the basic steps for editing our technical documentation.
-For a more up-to-date and complete contribution guide, see the main [Microsoft Docs contributor guide overview](https://docs.microsoft.com/contribute/).
+Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our content. This page covers the basic steps for editing our technical documentation. For a more up-to-date and complete contribution guide, see the main [contributor guide overview](https://learn.microsoft.com/contribute/).
## Sign a CLA
@@ -19,16 +17,16 @@ We've tried to make editing an existing, public file as simple as possible.
### To edit a topic
-1. Go to the page on [docs.microsoft.com](https://docs.microsoft.com/) that you want to update.
+1. Browse to the [Microsoft Learn](https://learn.microsoft.com/) article that you want to update.
> **Note**
- > If you're a Microsoft employee or vendor, before you edit the article, append `review.` to the beginning of the URL. This action lets you use the private repository, **windows-docs-pr**. For more information, see the [internal contributor guide](https://review.docs.microsoft.com/help/get-started/edit-article-in-github?branch=main).
+ > If you're a Microsoft employee or vendor, before you edit the article, append `review.` to the beginning of the URL. This action lets you use the private repository, **windows-docs-pr**. For more information, see the [internal contributor guide](https://review.learn.microsoft.com/help/get-started/edit-article-in-github?branch=main).
1. Then select the **Pencil** icon.
- 
+ 
- If the pencil icon isn't present, the content might not be open to public contributions. Some pages are generated (for example, from inline documentation in code) and must be edited in the project they belong to. This isn't always the case and you might be able to find the documentation by searching the [Microsoft Docs Organization on GitHub](https://github.com/MicrosoftDocs).
+ If the pencil icon isn't present, the content might not be open to public contributions. Some pages are generated (for example, from inline documentation in code) and must be edited in the project they belong to. This isn't always the case and you might be able to find the documentation by searching the [MicrosoftDocs organization on GitHub](https://github.com/MicrosoftDocs).
> **TIP**
> View the page source in your browser, and look for the following metadata: `original_content_git_url`. This path always points to the source markdown file for the article.
@@ -37,7 +35,7 @@ We've tried to make editing an existing, public file as simple as possible.
-1. Using Markdown language, make your changes to the file. For info about how to edit content using Markdown, see the [Microsoft Docs Markdown reference](https://docs.microsoft.com/contribute/markdown-reference) and GitHub's [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) documentation.
+1. Using Markdown language, make your changes to the file. For info about how to edit content using Markdown, see the [Docs Markdown reference](https://learn.microsoft.com/contribute/markdown-reference) and GitHub's [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) documentation.
1. Make your suggested change, and then select **Preview changes** to make sure it looks correct.
@@ -57,16 +55,15 @@ We've tried to make editing an existing, public file as simple as possible.
The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to their respective article. This repository contains articles on some of the following topics:
- - [Windows client documentation for IT Pros](https://docs.microsoft.com/windows/resources/)
- - [Microsoft Store](https://docs.microsoft.com/microsoft-store)
- - [Windows 10 for Education](https://docs.microsoft.com/education/windows)
- - [Windows 10 for SMB](https://docs.microsoft.com/windows/smb)
- - [Internet Explorer 11](https://docs.microsoft.com/internet-explorer/)
+ - [Windows client documentation for IT Pros](https://learn.microsoft.com/windows/resources/)
+ - [Microsoft Store](https://learn.microsoft.com/microsoft-store)
+ - [Windows 10 for Education](https://learn.microsoft.com/education/windows)
+ - [Windows 10 for SMB](https://learn.microsoft.com/windows/smb)
+ - [Internet Explorer 11](https://learn.microsoft.com/internet-explorer/)
## Making more substantial changes
-To make substantial changes to an existing article, add or change images, or contribute a new article, you'll need to create a local clone of the content.
-For info about creating a fork or clone, see [Set up a local Git repository](https://docs.microsoft.com/contribute/get-started-setup-local). The GitHub docs topic, [Fork a Repo](https://docs.github.com/articles/fork-a-repo), is also insightful.
+To make substantial changes to an existing article, add or change images, or contribute a new article, you'll need to create a local clone of the content. For information about creating a fork or clone, see [Set up a local Git repository](https://learn.microsoft.com/contribute/get-started-setup-local). The [Fork a Repo](https://docs.github.com/articles/fork-a-repo) article is also helpful.
Fork the official repo into your personal GitHub account, and then clone the fork down to your local device. Work locally, then push your changes back into your fork. Finally, open a pull request back to the main branch of the official repo.
@@ -82,4 +79,4 @@ In the new issue form, enter a brief title. In the body of the form, describe th
- You can use your favorite text editor to edit Markdown files. We recommend [Visual Studio Code](https://code.visualstudio.com/), a free lightweight open source editor from Microsoft.
- You can learn the basics of Markdown in just a few minutes. To get started, check out [Mastering Markdown](https://guides.github.com/features/mastering-markdown/).
-- Microsoft Docs uses several custom Markdown extensions. To learn more, see the [Microsoft Docs Markdown reference](https://docs.microsoft.com/contribute/markdown-reference).
+- Microsoft technical documentation uses several custom Markdown extensions. To learn more, see the [Docs Markdown reference](https://learn.microsoft.com/contribute/markdown-reference).
diff --git a/bcs/docfx.json b/bcs/docfx.json
deleted file mode 100644
index f1384ac71a..0000000000
--- a/bcs/docfx.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- "build": {
- "content": [
- {
- "files": [
- "**/*.md",
- "**/*.yml"
- ],
- "exclude": [
- "**/obj/**",
- "**/includes/**",
- "_themes/**",
- "_themes.pdf/**",
- "README.md",
- "LICENSE",
- "LICENSE-CODE",
- "ThirdPartyNotices"
- ]
- }
- ],
- "resource": [
- {
- "files": [
- "**/*.png",
- "**/*.jpg"
- ],
- "exclude": [
- "**/obj/**",
- "**/includes/**",
- "_themes/**",
- "_themes.pdf/**"
- ]
- }
- ],
- "overwrite": [],
- "externalReference": [],
- "globalMetadata": {
- "recommendations": true,
- "breadcrumb_path": "/microsoft-365/business/breadcrumb/toc.json",
- "extendBreadcrumb": true,
- "contributors_to_exclude": [
- "rjagiewich",
- "traya1",
- "rmca14",
- "claydetels19",
- "jborsecnik",
- "tiburd",
- "garycentric"
- ]
- },
- "fileMetadata": {},
- "template": [],
- "dest": "bcs-vsts",
- "markdownEngineName": "dfm"
- }
-}
\ No newline at end of file
diff --git a/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md b/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md
index 08d914e629..8f1c4ab06f 100644
--- a/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to add employees to the Enterprise Mode Site List Portal.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
index 39adf2816d..781f5ef56f 100644
--- a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
index b4da3f64f5..1213f26097 100644
--- a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
index 55b2dcd28a..a1f1c87489 100644
--- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
index c1a7aee9b8..ed72f19975 100644
--- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/administrative-templates-and-ie11.md b/browsers/enterprise-mode/administrative-templates-and-ie11.md
index d92810ceb5..701ca9da74 100644
--- a/browsers/enterprise-mode/administrative-templates-and-ie11.md
+++ b/browsers/enterprise-mode/administrative-templates-and-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Administrative templates and Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
index fd58f63df5..e9227b9a6f 100644
--- a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
index 7696eedaca..a75ac8bce7 100644
--- a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
+++ b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
@@ -4,7 +4,7 @@ description: You can have centralized control over Enterprise Mode by creating a
ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
ms.reviewer:
manager: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.pagetype: appcompat
ms.sitesec: library
diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
index 91c262c502..b71897b375 100644
--- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
@@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
index 807cc8d2c8..ed1bde752c 100644
--- a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
index 867bb143b8..f17b922624 100644
--- a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
@@ -4,11 +4,11 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to create a change request within the Enterprise Mode Site List Portal.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
-ms.reviewer:
+ms.reviewer:
manager: dansimp
ms.author: dansimp
---
diff --git a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index ad225f2556..c057308ffb 100644
--- a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ description: Delete a single site from your global Enterprise Mode site list.
ms.pagetype: appcompat
ms.mktglfcycl: deploy
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
index 403690d64f..8556b78648 100644
--- a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md b/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md
index 25f58fb19f..a8f90c3697 100644
--- a/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md
+++ b/browsers/enterprise-mode/enterprise-mode-and-enterprise-site-list-include.md
@@ -5,7 +5,7 @@ Starting with Windows 10, version 1511 (also known as the Anniversary Update), y
### Site list xml file
-This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compat mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location.
+This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compat mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location.
```xml
@@ -47,4 +47,4 @@ This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypf
-```
\ No newline at end of file
+```
diff --git a/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md b/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
index ae103d5802..ac30da52e5 100644
--- a/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
+++ b/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
index d04fbf79b9..4173e90efe 100644
--- a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
index fcdaa18eee..cd5349899f 100644
--- a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/enterprise-mode.md b/browsers/enterprise-mode/enterprise-mode.md
index 30d32a8d1a..2ac59044ac 100644
--- a/browsers/enterprise-mode/enterprise-mode.md
+++ b/browsers/enterprise-mode/enterprise-mode.md
@@ -5,7 +5,7 @@ ms.pagetype: security
description: Use this section to learn about how to turn on Enterprise Mode.
author: dansimp
ms.author: dansimp
-ms.prod: edge
+ms.prod: windows-client
ms.assetid:
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
index 4f4cbb32bb..97fa2345b6 100644
--- a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index a1d5a8a76b..1d2ee40c8a 100644
--- a/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to clear all of the sites from your global Enterprise Mode site list.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
index 91ff0fab17..ed1fe87924 100644
--- a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
+++ b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to remove sites from a local compatibility view list.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
index 4e7e10efde..a418d03442 100644
--- a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to remove sites from a local Enterprise Mode site list.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
index 2cb578171f..4656d2aaf6 100644
--- a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
index c946663dda..2e0a6802c3 100644
--- a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index bf7e73664e..cfb7266de2 100644
--- a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Search to see if a specific site already appears in your global Enterprise Mode site list.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
index 923d4dfe04..94e0ba38bd 100644
--- a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Set up and turn on Enterprise Mode logging and data collection in your organization.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
index ff7107b46a..7c74c356fe 100644
--- a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/turn-off-enterprise-mode.md b/browsers/enterprise-mode/turn-off-enterprise-mode.md
index d34ccca8ce..4b1fb26c69 100644
--- a/browsers/enterprise-mode/turn-off-enterprise-mode.md
+++ b/browsers/enterprise-mode/turn-off-enterprise-mode.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: How to turn Enterprise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
index c8ef3d030c..97f6c66e77 100644
--- a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Turn on local user control and logging for Enterprise Mode.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md
index 010448c58d..31dad14346 100644
--- a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Portal.
-ms.prod: ie11
+ms.prod: windows-client
title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
index f68c42ca3c..a9a5579bd2 100644
--- a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/using-enterprise-mode.md b/browsers/enterprise-mode/using-enterprise-mode.md
index c6f3e6048e..135fe64673 100644
--- a/browsers/enterprise-mode/using-enterprise-mode.md
+++ b/browsers/enterprise-mode/using-enterprise-mode.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a
ms.reviewer:
manager: dansimp
diff --git a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
index 3e06b8b806..d75f9f1eaa 100644
--- a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
@@ -4,11 +4,11 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
-ms.reviewer:
+ms.reviewer:
manager: dansimp
ms.author: dansimp
---
diff --git a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
index 8387697841..c16ec888fa 100644
--- a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
index 6ae2c865ea..2aa97c0d95 100644
--- a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
+++ b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/includes/helpful-topics-include.md b/browsers/includes/helpful-topics-include.md
index 0a0f72e971..21e15f6d8d 100644
--- a/browsers/includes/helpful-topics-include.md
+++ b/browsers/includes/helpful-topics-include.md
@@ -35,4 +35,4 @@ ms.topic: include
- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)
-- [Fix web compatibility issues using document modes and the Enterprise Mode site list](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list)
+- [Fix web compatibility issues using document modes and the Enterprise Mode site list](/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list)
diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json
index 37391cc166..f52e815de7 100644
--- a/browsers/internet-explorer/docfx.json
+++ b/browsers/internet-explorer/docfx.json
@@ -26,12 +26,7 @@
"recommendations": true,
"breadcrumb_path": "/internet-explorer/breadcrumb/toc.json",
"ROBOTS": "INDEX, FOLLOW",
- "audience": "ITPro",
- "ms.technology": "internet-explorer",
- "ms.prod": "ie11",
"ms.topic": "article",
- "manager": "dansimp",
- "ms.date": "04/05/2017",
"feedback_system": "None",
"hideEdit": true,
"_op_documentIdPathDepotMapping": {
diff --git a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
index 855b556dd8..691e0f95d2 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: How to use Group Policy to install ActiveX controls.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 59185370-558c-47e0-930c-8a5ed657e9e3
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
index 455bae28bd..4d50089f32 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to add employees to the Enterprise Mode Site List Portal.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
index 57c8991c7d..34ab7b07dd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
index 18c0b63cac..84f713dc64 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
index 8c5e4b4426..8424b1cdac 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
index c7273e1661..0cf9da171d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
index 4de574cbe2..0a543f430b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Administrative templates and Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
index 07687792a3..ac171f15e7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
index f87e4e9cc9..89ff89f47e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: networking
description: Auto configuration and auto proxy problems with Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 3fbbc2c8-859b-4b2e-abc3-de2c299e0938
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
index 10ff22508d..26843c17fc 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: networking
description: Auto configuration settings for Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 90308d59-45b9-4639-ab1b-497e5ba19023
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
index bf9f448755..d809f8ffd1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: networking
description: Auto detect settings Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: c6753cf4-3276-43c5-aae9-200e9e82753f
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
index faba1eb9ac..916597f9b9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: networking
description: Auto proxy configuration settings for Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 5120aaf9-8ead-438a-8472-3cdd924b7d9e
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
index 17f6488e0a..079c74f68e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
@@ -7,7 +7,7 @@ audience: itpro
manager: dansimp
ms.date: 05/10/2018
ms.topic: article
-ms.prod: ie11
+ms.prod: windows-client
ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
diff --git a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
index 3fc8a84465..4415b0b2f6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: performance
description: Browser cache changes and roaming profiles
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 85f0cd01-6f82-4bd1-9c0b-285af1ce3436
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
index be03e1819a..1617af18d5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
title: Change history for Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
description: This topic lists new and updated topics in the Internet Explorer 11 Deployment Guide documentation for Windows 10.
ms.mktglfcycl: deploy
-ms.prod: ie11
+ms.prod: windows-client
ms.sitesec: library
author: dansimp
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
index 9b4b3e6f1f..734d492686 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
@@ -5,7 +5,7 @@ ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
ms.reviewer:
audience: itpro
manager: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.pagetype: appcompat
ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
index 810264c501..a8677b4559 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Choose how to deploy Internet Explorer 11 (IE11)
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 21b6a301-c222-40bc-ad0b-27f66fc54d9d
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
index 0175cb7bbe..1896eabd90 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Choose how to install Internet Explorer 11 (IE11)
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 9572f5f1-5d67-483e-bd63-ffea95053481
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
index 24265e0261..961f15218c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
index db62af6aab..5ac7597d51 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
index 2c525dd36c..012e5f4ce6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
@@ -4,11 +4,11 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to create a change request within the Enterprise Mode Site List Portal.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
-ms.reviewer:
+ms.reviewer:
audience: itpro
manager: dansimp
ms.author: dansimp
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
index 395703b43d..c6f69cd3eb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Create packages for multiple operating systems or languages
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 44051f9d-63a7-43bf-a427-d0a0a1c717da
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
index 18ac122bc2..ddaef22325 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Customize Internet Explorer 11 installation packages
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 10a14a09-673b-4f8b-8d12-64036135e7fd
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 843d917596..272606e319 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ description: Delete a single site from your global Enterprise Mode site list.
ms.pagetype: appcompat
ms.mktglfcycl: deploy
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
index 0f0c56de35..e237c2bdf9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS).
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: f51224bd-3371-4551-821d-1d62310e3384
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
index 7eaac18e22..59fd8be3e9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Deploy Internet Explorer 11 using software distribution tools
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: fd027775-651a-41e1-8ec3-d32eca876d8a
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
index c6d0cce921..513e6e6b22 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: You can pin websites to the Windows 8.1 taskbar for quick access using the Microsoft Deployment Toolkit (MDT) 2013.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 24f4dcac-9032-4fe8-bf6d-2d712d61cb0c
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
index 5cfa201d18..84dad46c94 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Windows Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 00cb1f39-2b20-4d37-9436-62dc03a6320b
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
index 29574ab860..dcccac9252 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
index e21f3e41ed..685505a35e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
@@ -5,7 +5,7 @@ ms.pagetype: security
description: Enable and disable add-ons using administrative templates and group policy
ms.author: dansimp
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: c6fe1cd3-0bfc-4d23-8016-c9601f674c0b
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
index 0335e7c1dc..e284e24e3f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Enhanced Protected Mode problems with Internet Explorer
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 15890ad1-733d-4f7e-a318-10399b389f45
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
index e5e3c31095..8f06049cd6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
index e486ed248d..09a4693145 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
index 5af6fab521..e54ede9c18 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
index ce2f14b162..602eeb31b1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
index 9ec7ddf862..09da9c417c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: The Internet Explorer 11 Enterprise Mode site list lets you specify document modes for specific websites, helping you fix compatibility issues without changing a single line of code on the site.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 4b21bb27-aeac-407f-ae58-ab4c6db2baf6
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
index 54da1d4ba1..e5bfe37202 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: When you add multiple sites to your Enterprise Mode site list entries, they’re validated by the Enterprise Mode Site List Manager before they’re entered into your global list.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 9f80e39f-dcf1-4124-8931-131357f31d67
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
index 93486e7113..60c548477a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Overview about Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 63a7ef4a-6de2-4d08-aaba-0479131e3406
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
index 14284fdfe7..b56fd8d946 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Overview about Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: ae3d227d-3da7-46b8-8a61-c71bfeae0c63
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
index 7e8c419582..b30eedc9bc 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Use the topics in this section to learn about Group Policy and how to use it to manage Internet Explorer.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 50383d3f-9ac9-4a30-8852-354b6eb9434a
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
index c3a615888f..f4ed4d0005 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Group Policy, the Local Group Policy Editor, and Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 6fc30e91-efac-4ba5-9ee2-fa77dcd36467
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
index 12b360b126..4c92f29a49 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Group Policy suggestions for compatibility with Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 7482c99f-5d79-4344-9e1c-aea9f0a68e18
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
index 6420ff7796..4e6daed0d1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Overview of the available Group Policy management tools
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: e33bbfeb-6b80-4e71-8bba-1d0369a87312
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
index b30e90d746..fa35e57739 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Info about Group Policy preferences versus Group Policy settings
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: f2264c97-7f09-4f28-bb5c-58ab80dcc6ee
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
index 8cec1052e4..a56d04fa5b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Links to troubleshooting topics and log files that can help address Group Policy problems with Internet Explorer 11.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 0da0d9a9-200c-46c4-96be-630e82de017b
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
index 8a23dbf697..43451d4388 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Instructions about how to create and configure shortcut preference extensions to file system objects, URLs, and shell objects.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: c6fbf990-13e4-4be7-9f08-5bdd43179b3b
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
index 9b5677e069..c3f3970e4d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Overview about how Group Policy works with Windows Powershell and Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: e3607cde-a498-4e04-9daa-b331412967fc
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
index bbfd85b95e..faa1d6387e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
@@ -6,7 +6,7 @@ description: A high-level overview of the delivery process and your options to c
author: dansimp
ms.author: dansimp
ms.manager: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid:
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
index ca1542a952..c52880200d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
@@ -7,6 +7,7 @@ ms.reviewer:
audience: itpro
manager: dansimp
ms.author: dansimp
+ms.prod: windows-client
---
# Full-sized flowchart detailing how document modes are chosen in IE11
diff --git a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
index f585e3210d..aae9d9a67e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: cacd5d68-700b-4a96-b4c9-ca2c40c1ac5f
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/index.md b/browsers/internet-explorer/ie11-deploy-guide/index.md
index dfb9b8391c..b795f7aab3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/index.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/index.md
@@ -3,7 +3,7 @@ ms.mktglfcycl: deploy
description: Use this guide to learn about the several options and processes you'll need to consider while you're planning for, deploying, and customizing Internet Explorer 11 for your employee's devices.
author: dansimp
ms.author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: bddc2d97-c38d-45c5-9588-1f5bbff2e9c3
title: Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
index 47a4d07569..8aa0dba607 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: caca18c1-d5c4-4404-84f8-d02bc562915f
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
index 0ec2a15346..95c12b215a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to add and deploy the Internet Explorer 11 update using Microsoft Intune.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: b2dfc08c-78af-4c22-8867-7be3b92b1616
ms.reviewer:
manager: dansimp
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
index 469b700481..5c8e18fedb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to install the Internet Explorer 11 update using Microsoft Deployment Toolkit (MDT) and your Windows images.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: e16f9144-170c-4964-a62d-0d1a16f4cd1f
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
index 8beef9b99d..b8083e1f8d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: How to install the Internet Explorer 11 update using System Center 2012 R2 Configuration Manager
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 9ede9722-29b3-4cb7-956d-ffa91e7bedbd
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
index d0d9d17be1..184bfe6f0a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to install the Internet Explorer 11 update using your network
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 85f6429d-947a-4031-8f93-e26110a35828
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
index d593de27c6..1fd9b6a682 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to install the Internet Explorer 11 update using third-party tools and command-line options.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 30190c66-49f7-4ca4-8b57-a47656aa0c7e
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
index 07b0485309..7184eb2b6a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to install the Internet Explorer 11 update using Windows Server Update Services (WSUS)'
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 6cbd6797-c670-4236-8423-e0919478f2ce
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
index 3e6ffbfad8..09442d827c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to fix potential installation problems with Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 3ae77745-86ac-40a9-a37d-eebbf37661a3
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
index 803fc7fb83..bdf8c92059 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to fix intranet search problems with Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 3ee71d93-d9d2-48e1-899e-07932c73faa6
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
index 58a2d5298b..d64c489972 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for Internet Explorer.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: eb3cce62-fc7b-41e3-97b6-2916b85bcf55
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
index e3e56157b3..1057b3c5c2 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: support
description: IEM-configured settings have been deprecated for Internet Explorer 10 and newer. Use this topic to learn where to go to fix the affected settings through Group Policy Preferences, Administrative Templates (.admx), or the IEAK.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 89084e01-4e3f-46a6-b90e-48ee58d6821c
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
index faa927931e..a002fae480 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: support
description: Internet Explorer 11 uses the latest standards mode, which simplifies web page compatibility for users by removing the **Compatibility View** button and reducing the number of compatibility options in the F12 developer tools for developers.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 501c96c9-9f03-4913-9f4b-f67bd9edbb61
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
index 6c68a1ec01..da41fb9d27 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: support
description: How to turn managed browser hosting controls back on in Internet Explorer 11.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: b0b7f60f-9099-45ab-84f4-4ac64d7bcb43
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
index e6c30a056e..c0fb369154 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: New group policy settings for Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 669cc1a6-e2cb-403f-aa31-c1de52a615d1
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
index 4eed39657f..2f92ef92c1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
@@ -5,7 +5,7 @@ ms.pagetype: security
description: Use out-of-date ActiveX control blocking to help you know when IE prevents a webpage from loading outdated ActiveX controls and to update the outdated control, so that it’s safer to use.
author: dansimp
ms.author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: e61866bb-1ff1-4a8d-96f2-61d3534e8199
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
index f701d8ff8d..41a67c1f65 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: support
description: Possible solutions to the problems you might encounter after installing IE11, such as crashing or seeming slow, getting into an unusable state, or problems with adaptive streaming and DRM playback.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: c4b75ad3-9c4a-4dd2-9fed-69f776f542e6
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 4c973ffad6..43da7e50f7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to clear all of the sites from your global Enterprise Mode site list.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
index f30c495bb3..4a0eace5e7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to remove sites from a local compatibility view list.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
index d6bb2e98eb..cbdfced218 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to remove sites from a local Enterprise Mode site list.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md
index bc7c2ddc2a..4b385be382 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: How to use Site List Manager to review neutral sites for IE mode
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
index 7b80dd178d..3cd2c04fe3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
index 4d5e66ec80..52343886ce 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index f96a952626..25eb75b0e8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Search to see if a specific site already appears in your global Enterprise Mode site list.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
index 9424e5e32f..6ea7312b42 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: security
description: Use the Group Policy setting, Set a default associations configuration file, to set the default browser for your company devices running Windows 10.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: f486c9db-0dc9-4cd6-8a0b-8cb872b1d361
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
index b42426f1d7..a0dda11994 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Set up and turn on Enterprise Mode logging and data collection in your organization.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
index c022c08569..7837facce4 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
index 70d197c391..f6394d3e98 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: support
ms.pagetype: appcompat
description: Reviewing log files to learn more about potential setup problems with Internet Explorer 11.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 2cd79988-17d1-4317-bee9-b3ae2dd110a0
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
index 818b3acf64..9effadf0cc 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Lists the minimum system requirements and supported languages for Internet Explorer 11.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 27185e3d-c486-4e4a-9c51-5cb317c0006d
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
index ec77071c73..8da9b011be 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
@@ -5,7 +5,7 @@ ms.pagetype: appcompat
description: Find out how to achieve better backward compatibility for your legacy web applications with the Enterprise Mode Site List.
author: dansimp
ms.author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid:
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
index bf8ceeb867..a2acebea3a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: support
description: Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with Internet Explorer.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 0361c1a6-3faa-42b2-a588-92439eebeeab
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md
index 7e4561fa2a..fdb532ae11 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: How to turn Enterprise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
index 178085c2ad..88f647c16d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: support
description: Turn off natural metrics for Internet Explorer 11
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: e31a27d7-662e-4106-a3d2-c6b0531961d5
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
index 1b32fa64ad..638c8229cd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
@@ -5,7 +5,7 @@ ms.assetid: 800e9c5a-57a6-4d61-a38a-4cb972d833e1
ms.reviewer:
audience: itpro
manager: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.pagetype: appcompat
ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
index 6290d3a462..b261f633c7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Turn on local user control and logging for Enterprise Mode.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
index ace67f0ddc..98739a8df1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: High-level info about some of the new and updated features for Internet Explorer 11.
author: dansimp
-ms.prod: ie11
+ms.prod: windows-client
ms.assetid: f53c6f04-7c60-40e7-9fc5-312220f08156
ms.reviewer:
audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md
index fe55abfdc6..2b4747c07c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Portal.
-ms.prod: ie11
+ms.prod: windows-client
title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/index.md b/browsers/internet-explorer/index.md
index cba6e52972..5db86b1956 100644
--- a/browsers/internet-explorer/index.md
+++ b/browsers/internet-explorer/index.md
@@ -3,7 +3,8 @@ ms.mktglfcycl: deploy
description: The landing page for IE11 that lets you access the documentation.
author: dansimp
ms.author: dansimp
-ms.prod: ie11
+manager: dansimp
+ms.prod: windows-client
title: Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
assetid: be3dc32e-80d9-4d9f-a802-c7db6c50dbe0
ms.sitesec: library
diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml
index 05e93f6e25..17eee2393b 100644
--- a/browsers/internet-explorer/internet-explorer.yml
+++ b/browsers/internet-explorer/internet-explorer.yml
@@ -9,6 +9,7 @@ metadata:
author: aczechowski
ms.author: aaroncz
ms.date: 07/29/2022
+ ms.prod: ie11
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
diff --git a/devices/hololens/docfx.json b/devices/hololens/docfx.json
deleted file mode 100644
index 017aa6750e..0000000000
--- a/devices/hololens/docfx.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "build": {
- "content": [
- {
- "files": [
- "**/*.md",
- "**/**.yml"
- ],
- "exclude": [
- "**/obj/**",
- "devices/hololens/**",
- "**/includes/**"
- ]
- }
- ],
- "resource": [
- {
- "files": [
- "**/*.png",
- "**/*.jpg",
- "**/*.gif"
- ],
- "exclude": [
- "**/obj/**",
- "devices/hololens/**",
- "**/includes/**"
- ]
- }
- ],
- "overwrite": [],
- "externalReference": [],
- "globalMetadata": {
- "recommendations": true,
- "breadcrumb_path": "/hololens/breadcrumb/toc.json",
- "ms.technology": "windows",
- "ms.topic": "article",
- "audience": "ITPro",
- "manager": "dansimp",
- "ms.date": "04/05/2017",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "Win.itpro-hololens",
- "folder_relative_path_in_docset": "./"
- }
-
- },
- "contributors_to_exclude": [
- "rjagiewich",
- "traya1",
- "rmca14",
- "claydetels19",
- "jborsecnik",
- "tiburd",
- "garycentric"
- ]
- },
- "fileMetadata": {},
- "template": [],
- "dest": "devices/hololens",
- "markdownEngineName": "markdig"
- },
- "contributors_to_exclude": [
- "rjagiewich",
- "traya1",
- "rmca14",
- "claydetels19",
- "Kellylorenebaker",
- "jborsecnik",
- "tiburd",
- "garycentric"
- ]
-}
diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json
deleted file mode 100644
index a9772d7b8c..0000000000
--- a/devices/surface-hub/docfx.json
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "build": {
- "content": [
- {
- "files": [
- "**/**.md",
- "**/**.yml"
- ],
- "exclude": [
- "**/obj/**"
- ]
- }
- ],
- "resource": [
- {
- "files": [
- "**/images/**",
- "**/*.pptx",
- "**/*.pdf"
- ],
- "exclude": [
- "**/obj/**"
- ]
- }
- ],
- "globalMetadata": {
- "recommendations": true,
- "breadcrumb_path": "/surface-hub/breadcrumb/toc.json",
- "ROBOTS": "INDEX, FOLLOW",
- "ms.technology": "windows",
- "audience": "ITPro",
- "ms.topic": "article",
- "manager": "dansimp",
- "ms.mktglfcycl": "manage",
- "ms.sitesec": "library",
- "ms.date": "05/23/2017",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "Win.surface-hub",
- "folder_relative_path_in_docset": "./"
- }
- },
- "contributors_to_exclude": [
- "rjagiewich",
- "traya1",
- "rmca14",
- "claydetels19",
- "Kellylorenebaker",
- "jborsecnik",
- "tiburd",
- "garycentric"
- ],
- "titleSuffix": "Surface Hub"
- },
- "externalReference": [],
- "template": "op.html",
- "dest": "devices/surface-hub",
- "markdownEngineName": "markdig"
- }
-}
diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json
deleted file mode 100644
index f11706aa9d..0000000000
--- a/devices/surface/docfx.json
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- "build": {
- "content": [
- {
- "files": [
- "**/**.md",
- "**/**.yml"
- ],
- "exclude": [
- "**/obj/**"
- ]
- }
- ],
- "resource": [
- {
- "files": [
- "**/images/**"
- ],
- "exclude": [
- "**/obj/**"
- ]
- }
- ],
- "globalMetadata": {
- "recommendations": true,
- "breadcrumb_path": "/surface/breadcrumb/toc.json",
- "ROBOTS": "INDEX, FOLLOW",
- "ms.technology": "windows",
- "audience": "ITPro",
- "ms.topic": "article",
- "manager": "dansimp",
- "ms.date": "05/09/2017",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "Win.surface",
- "folder_relative_path_in_docset": "./"
- }
- },
- "contributors_to_exclude": [
- "rjagiewich",
- "traya1",
- "rmca14",
- "claydetels19",
- "Kellylorenebaker",
- "jborsecnik",
- "tiburd",
- "garycentric"
- ],
- "titleSuffix": "Surface"
- },
- "externalReference": [],
- "template": "op.html",
- "dest": "devices/surface",
- "markdownEngineName": "markdig"
-}
-}
diff --git a/education/breadcrumb/toc.yml b/education/breadcrumb/toc.yml
index 93f929e957..15833fa467 100644
--- a/education/breadcrumb/toc.yml
+++ b/education/breadcrumb/toc.yml
@@ -1,3 +1,4 @@
+items:
- name: Docs
tocHref: /
topicHref: /
@@ -12,4 +13,6 @@
- name: Windows
tocHref: /education/windows
topicHref: /education/windows/index
-
\ No newline at end of file
+ - name: Windows
+ tocHref: /windows/configuration/
+ topicHref: /education/windows/index
diff --git a/education/context/context.yml b/education/context/context.yml
new file mode 100644
index 0000000000..861f88f272
--- /dev/null
+++ b/education/context/context.yml
@@ -0,0 +1,4 @@
+### YamlMime: ContextObject
+brand: windows
+breadcrumb_path: ../breadcrumb/toc.yml
+toc_rel: ../windows/toc.yml
\ No newline at end of file
diff --git a/education/docfx.json b/education/docfx.json
index 105c802404..df077d1783 100644
--- a/education/docfx.json
+++ b/education/docfx.json
@@ -17,7 +17,8 @@
"files": [
"**/*.png",
"**/*.jpg",
- "**/*.svg"
+ "**/*.svg",
+ "**/*.gif"
],
"exclude": [
"**/obj/**",
@@ -28,9 +29,15 @@
"globalMetadata": {
"recommendations": true,
"ms.topic": "article",
- "ms.technology": "windows",
+ "ms.collection": "education",
+ "ms.prod": "windows-client",
+ "ms.technology": "itpro-edu",
+ "author": "paolomatarazzo",
+ "ms.author": "paoloma",
"manager": "aaroncz",
+ "ms.localizationpriority": "medium",
"breadcrumb_path": "/education/breadcrumb/toc.json",
+ "uhfHeaderId": "MSDocsHeader-M365-IT",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
@@ -40,6 +47,7 @@
"folder_relative_path_in_docset": "./"
}
},
+ "titleSuffix": "Windows Education",
"contributors_to_exclude": [
"rjagiewich",
"traya1",
@@ -54,9 +62,17 @@
"garycentric"
]
},
+ "fileMetadata": {
+ "ms.localizationpriority": {
+ "windows/tutorial-school-deployment/**/**.md": "medium"
+ },
+ "ms.topic": {
+ "windows/tutorial-school-deployment/**/**.md": "tutorial"
+ }
+ },
"externalReference": [],
"template": "op.html",
"dest": "education",
"markdownEngineName": "markdig"
}
-}
+}
\ No newline at end of file
diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md
index e06d4cfd48..c0a273e836 100644
--- a/education/includes/education-content-updates.md
+++ b/education/includes/education-content-updates.md
@@ -2,51 +2,51 @@
-## Week of August 08, 2022
+## Week of September 19, 2022
| Published On |Topic title | Change |
|------|------------|--------|
-| 8/10/2022 | [Reset devices with Autopilot Reset](/education/windows/autopilot-reset) | modified |
-| 8/10/2022 | [Change history for Windows 10 for Education (Windows 10)](/education/windows/change-history-edu) | modified |
-| 8/10/2022 | [Change to Windows 10 Education from Windows 10 Pro](/education/windows/change-to-pro-education) | modified |
-| 8/10/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified |
-| 8/10/2022 | [Windows 10 configuration recommendations for education customers](/education/windows/configure-windows-for-education) | modified |
-| 8/10/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
-| 8/10/2022 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
-| 8/10/2022 | [Deployment recommendations for school IT administrators](/education/windows/edu-deployment-recommendations) | modified |
-| 8/10/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified |
-| 8/10/2022 | [Enable S mode on Surface Go devices for Education](/education/windows/enable-s-mode-on-surface-go-devices) | modified |
-| 8/10/2022 | [Get Minecraft Education Edition](/education/windows/get-minecraft-for-education) | modified |
-| 8/10/2022 | [Windows 10 for Education (Windows 10)](/education/windows/index) | modified |
-| 8/10/2022 | [Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode](/education/windows/s-mode-switch-to-edu) | modified |
-| 8/10/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
-| 8/10/2022 | [Azure AD Join with Set up School PCs app](/education/windows/set-up-school-pcs-azure-ad-join) | modified |
-| 8/10/2022 | [What's in Set up School PCs provisioning package](/education/windows/set-up-school-pcs-provisioning-package) | modified |
-| 8/10/2022 | [Shared PC mode for school devices](/education/windows/set-up-school-pcs-shared-pc-mode) | modified |
-| 8/10/2022 | [Set up School PCs app technical reference overview](/education/windows/set-up-school-pcs-technical) | modified |
-| 8/10/2022 | [What's new in the Windows Set up School PCs app](/education/windows/set-up-school-pcs-whats-new) | modified |
-| 8/10/2022 | [Set up student PCs to join domain](/education/windows/set-up-students-pcs-to-join-domain) | modified |
-| 8/10/2022 | [Provision student PCs with apps](/education/windows/set-up-students-pcs-with-apps) | modified |
-| 8/10/2022 | [Set up Windows devices for education](/education/windows/set-up-windows-10) | modified |
-| 8/10/2022 | [Take a Test app technical reference](/education/windows/take-a-test-app-technical) | modified |
-| 8/10/2022 | [Set up Take a Test on multiple PCs](/education/windows/take-a-test-multiple-pcs) | modified |
-| 8/10/2022 | [Set up Take a Test on a single PC](/education/windows/take-a-test-single-pc) | modified |
-| 8/10/2022 | [Take tests in Windows 10](/education/windows/take-tests-in-windows-10) | modified |
-| 8/10/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified |
-| 8/10/2022 | [Test Windows 10 in S mode on existing Windows 10 education devices](/education/windows/test-windows10s-for-edu) | modified |
-| 8/10/2022 | [Use Set up School PCs app](/education/windows/use-set-up-school-pcs-app) | modified |
-| 8/10/2022 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | modified |
-| 8/10/2022 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | modified |
-| 8/10/2022 | [Windows 10 editions for education customers](/education/windows/windows-editions-for-education-customers) | modified |
+| 9/20/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified |
-## Week of July 25, 2022
+## Week of September 12, 2022
| Published On |Topic title | Change |
|------|------------|--------|
-| 7/26/2022 | [Upgrade Windows Home to Windows Education on student-owned devices](/education/windows/change-home-to-edu) | added |
-| 7/26/2022 | [Secure the Windows boot process](/education/windows/change-home-to-edu) | modified |
-| 7/25/2022 | Edit an existing topic using the Edit link | removed |
-| 7/26/2022 | [Windows Hello for Business Videos](/education/windows/change-home-to-edu) | modified |
+| 9/13/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified |
+| 9/14/2022 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified |
+| 9/14/2022 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | modified |
+
+
+## Week of September 05, 2022
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 9/8/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified |
+| 9/8/2022 | [Get Minecraft Education Edition](/education/windows/get-minecraft-for-education) | modified |
+| 9/8/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified |
+| 9/9/2022 | [Take tests in Windows](/education/windows/take-tests-in-windows-10) | modified |
+
+
+## Week of August 29, 2022
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 8/31/2022 | [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps) | added |
+| 8/31/2022 | [Configure and secure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-settings) | added |
+| 8/31/2022 | [Configure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-devices-overview) | added |
+| 8/31/2022 | [Enrollment in Intune with standard out-of-box experience (OOBE)](/education/windows/tutorial-school-deployment/enroll-aadj) | added |
+| 8/31/2022 | [Enrollment in Intune with Windows Autopilot](/education/windows/tutorial-school-deployment/enroll-autopilot) | added |
+| 8/31/2022 | [Device enrollment overview](/education/windows/tutorial-school-deployment/enroll-overview) | added |
+| 8/31/2022 | [Enrollment of Windows devices with provisioning packages](/education/windows/tutorial-school-deployment/enroll-package) | added |
+| 8/31/2022 | [Introduction](/education/windows/tutorial-school-deployment/index) | added |
+| 8/31/2022 | [Manage devices with Microsoft Intune](/education/windows/tutorial-school-deployment/manage-overview) | added |
+| 8/31/2022 | [Management functionalities for Surface devices](/education/windows/tutorial-school-deployment/manage-surface-devices) | added |
+| 8/31/2022 | [Reset and wipe Windows devices](/education/windows/tutorial-school-deployment/reset-wipe) | added |
+| 8/31/2022 | [Set up Azure Active Directory](/education/windows/tutorial-school-deployment/set-up-azure-ad) | added |
+| 8/31/2022 | [Set up device management](/education/windows/tutorial-school-deployment/set-up-microsoft-intune) | added |
+| 8/31/2022 | [Troubleshoot Windows devices](/education/windows/tutorial-school-deployment/troubleshoot-overview) | added |
diff --git a/education/index.yml b/education/index.yml
index b67a140734..1a3a69e704 100644
--- a/education/index.yml
+++ b/education/index.yml
@@ -23,7 +23,7 @@ productDirectory:
# Card
- title: Phase 1 - Cloud deployment
imageSrc: ./images/EDU-Deploy.svg
- summary: Create your Microsoft 365 tenant, secure and configure your environment, sync your active directry and SIS, and license users.
+ summary: Create your Microsoft 365 tenant, secure and configure your environment, sync your Active Directory and SIS, and license users.
url: /microsoft-365/education/deploy/create-your-office-365-tenant
# Card
- title: Phase 2 - Device management
@@ -73,7 +73,7 @@ productDirectory:
text: IT admin help
- url: https://support.office.com/education
text: Education help center
- - url: /learn/educator-center/
+ - url: /training/educator-center/
text: Teacher training packs
# Card
- title: Check out our education journey
@@ -115,4 +115,4 @@ additionalContent:
# Card
- title: Education Partner community Yammer group
summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer.
- url: https://www.yammer.com/mepn/
\ No newline at end of file
+ url: https://www.yammer.com/mepn/
diff --git a/education/windows/TOC.yml b/education/windows/TOC.yml
index f2d04a9792..d3f96435a9 100644
--- a/education/windows/TOC.yml
+++ b/education/windows/TOC.yml
@@ -1,73 +1,106 @@
-- name: Windows 11 SE for Education
+items:
+- name: Windows for Education Documentation
+ href: index.yml
+- name: Tutorials
+ expanded: true
items:
- - name: Overview
- href: windows-11-se-overview.md
- - name: Settings and CSP list
- href: windows-11-se-settings-list.md
-- name: Windows 10 for Education
- href: index.md
+ - name: Deploy and manage Windows devices in a school
+ href: tutorial-school-deployment/toc.yml
+- name: Concepts
items:
+ - name: Windows 11 SE
+ items:
+ - name: Overview
+ href: windows-11-se-overview.md
+ - name: Settings list
+ href: windows-11-se-settings-list.md
+ - name: Frequently Asked Questions (FAQ)
+ href: windows-11-se-faq.yml
+ - name: Windows in S Mode
+ items:
+ - name: Test Windows 10 in S mode on existing Windows 10 education devices
+ href: test-windows10s-for-edu.md
+ - name: Enable Windows 10 in S mode on Surface Go devices
+ href: enable-s-mode-on-surface-go-devices.md
- name: Windows 10 editions for education customers
href: windows-editions-for-education-customers.md
+ - name: Considerations for shared and guest devices
+ href: /windows/configuration/shared-devices-concepts?context=/education/context/context
- name: Windows 10 configuration recommendations for education customers
href: configure-windows-for-education.md
- - name: Deployment recommendations for school IT administrators
- href: edu-deployment-recommendations.md
- - name: Set up Windows devices for education
- href: set-up-windows-10.md
+ - name: Take tests and assessments in Windows
+ href: take-tests-in-windows.md
+- name: How-to-guides
+ items:
+ - name: Configure education themes
+ href: edu-themes.md
+ - name: Configure Stickers
+ href: edu-stickers.md
+ - name: Configure Take a Test in kiosk mode
+ href: edu-take-a-test-kiosk-mode.md
+ - name: Configure federated sign-in
+ href: federated-sign-in.md
+ - name: Configure Shared PC
+ href: /windows/configuration/set-up-shared-or-guest-pc?context=/education/context/context
+ - name: Use the Set up School PCs app
+ href: use-set-up-school-pcs-app.md
+ - name: Change Windows edition
items:
- - name: What's new in Set up School PCs
- href: set-up-school-pcs-whats-new.md
- - name: Technical reference for the Set up School PCs app
- href: set-up-school-pcs-technical.md
- items:
- - name: Azure AD Join for school PCs
- href: set-up-school-pcs-azure-ad-join.md
- - name: Shared PC mode for school devices
- href: set-up-school-pcs-shared-pc-mode.md
- - name: Provisioning package settings
- href: set-up-school-pcs-provisioning-package.md
- - name: Use the Set up School PCs app
- href: use-set-up-school-pcs-app.md
- - name: Set up student PCs to join domain
- href: set-up-students-pcs-to-join-domain.md
- - name: Provision student PCs with apps
- href: set-up-students-pcs-with-apps.md
- - name: Take tests in Windows 10
- href: take-tests-in-windows-10.md
+ - name: Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode
+ href: s-mode-switch-to-edu.md
+ - name: Change to Windows 10 Pro Education from Windows 10 Pro
+ href: change-to-pro-education.md
+ - name: Upgrade Windows Home to Windows Education on student-owned devices
+ href: change-home-to-edu.md
+ - name: "Get and deploy Minecraft: Education Edition"
items:
- - name: Set up Take a Test on a single PC
- href: take-a-test-single-pc.md
- - name: Set up Take a Test on multiple PCs
- href: take-a-test-multiple-pcs.md
- - name: Take a Test app technical reference
- href: take-a-test-app-technical.md
+ - name: "Get Minecraft: Education Edition"
+ href: get-minecraft-for-education.md
+ - name: "For IT administrators: get Minecraft Education Edition"
+ href: school-get-minecraft.md
+ - name: "For teachers: get Minecraft Education Edition"
+ href: teacher-get-minecraft.md
+ - name: Work with Microsoft Store for Education
+ href: education-scenarios-store-for-business.md
+ - name: Migrate from Chromebook to Windows
+ items:
+ - name: Chromebook migration guide
+ href: chromebook-migration-guide.md
+ - name: Deploy Windows 10 devices in a school
+ items:
+ - name: Overview
+ href: deploy-windows-10-overview.md
+ - name: Deploy Windows 10 in a school
+ href: deploy-windows-10-in-a-school.md
+ - name: Deploy Windows 10 in a school district
+ href: deploy-windows-10-in-a-school-district.md
+ - name: Deployment recommendations for school IT administrators
+ href: edu-deployment-recommendations.md
+ - name: Set up Windows devices for education
+ items:
+ - name: Overview
+ href: set-up-windows-10.md
+ - name: Azure AD join for school PCs
+ href: set-up-school-pcs-azure-ad-join.md
+ - name: Active Directory join for school PCs
+ href: set-up-students-pcs-to-join-domain.md
+ - name: Provision student PCs with apps
+ href: set-up-students-pcs-with-apps.md
- name: Reset devices with Autopilot Reset
href: autopilot-reset.md
- - name: Working with Microsoft Store for Education
- href: education-scenarios-store-for-business.md
- - name: "Get Minecraft: Education Edition"
- href: get-minecraft-for-education.md
- items:
- - name: "For teachers: get Minecraft Education Edition"
- href: teacher-get-minecraft.md
- - name: "For IT administrators: get Minecraft Education Edition"
- href: school-get-minecraft.md
- - name: Test Windows 10 in S mode on existing Windows 10 education devices
- href: test-windows10s-for-edu.md
- - name: Enable Windows 10 in S mode on Surface Go devices
- href: enable-s-mode-on-surface-go-devices.md
- - name: Deploy Windows 10 in a school
- href: deploy-windows-10-in-a-school.md
- - name: Deploy Windows 10 in a school district
- href: deploy-windows-10-in-a-school-district.md
- - name: Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode
- href: s-mode-switch-to-edu.md
- - name: Change to Windows 10 Pro Education from Windows 10 Pro
- href: change-to-pro-education.md
- - name: Upgrade Windows Home to Windows Education on student-owned devices
- href: change-home-to-edu.md
- - name: Chromebook migration guide
- href: chromebook-migration-guide.md
- - name: Change history for Windows 10 for Education
- href: change-history-edu.md
+- name: Reference
+ items:
+ - name: Set up School PCs
+ items:
+ - name: Set up School PCs app technical reference
+ href: set-up-school-pcs-technical.md
+ - name: Provisioning package settings
+ href: set-up-school-pcs-provisioning-package.md
+ - name: What's new in Set up School PCs
+ href: set-up-school-pcs-whats-new.md
+ - name: Take a Test technical reference
+ href: take-a-test-app-technical.md
+ - name: Shared PC technical reference
+ href: /windows/configuration/shared-pc-technical?context=/education/context/context
+
+
diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md
index ad98be350e..b261f4a4e9 100644
--- a/education/windows/autopilot-reset.md
+++ b/education/windows/autopilot-reset.md
@@ -1,20 +1,12 @@
---
title: Reset devices with Autopilot Reset
-description: Gives an overview of Autopilot Reset and how you can enable and use it in your schools.
-keywords: Autopilot Reset, Windows, education
-ms.prod: windows
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+description: Learn about Autopilot Reset and how to enable and use it.
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ Windows 10
+ms.topic: how-to
+appliesto:
+ - ✅ Windows 10
+ms.collection:
+ - highpri
---
# Reset devices with Autopilot Reset
@@ -61,7 +53,7 @@ You can set the policy using one of these methods:
- When using [Set up School PCs](use-set-up-school-pcs-app.md), in the **Configure student PC settings** screen, select **Enable Windows 10 Autopilot Reset** among the list of settings for the student PC as shown in the following example:
- 
+ 
## Trigger Autopilot Reset
Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it's done, the device is again ready for use.
diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md
deleted file mode 100644
index 9a1acea7a1..0000000000
--- a/education/windows/change-history-edu.md
+++ /dev/null
@@ -1,156 +0,0 @@
----
-title: Change history for Windows 10 for Education (Windows 10)
-description: New and changed topics in Windows 10 for Education
-keywords: Windows 10 education documentation, change history
-ms.prod: windows
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: edu
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ Windows 10
----
-# Change history for Windows 10 for Education
-
-This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
-
-## May 2019
-
-|New or changed topic | Description|
-|-----------|-------------|
-|[Windows 10 Subscription Activation](/windows/deployment/windows-10-subscription-activation)|Subscription activation support for Windows 10 Pro Education to Windows 10 Education|
-
-## April 2018
-New or changed topic | Description
---- | ---
-[Windows 10 Pro in S mode for Education](s-mode-switch-to-edu.md) | Created a new topic on S mode for Education. |
-[Change to Windows 10 Education from Windows 10 Pro](change-to-pro-education.md) | Updated sections referencing S mode.
-
-## March 2018
-
-New or changed topic | Description
---- | ---
-[Reset devices with Autopilot Reset](autopilot-reset.md) | Added section for troubleshooting Autopilot Reset.
-
-## November 2017
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | Updated the list of device manufacturers. |
-| [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md) | Updated instances of the parameter enablePrint, or enablePrinting, to requirePrinting. |
-| [Set up Take a Test on a single PC](take-a-test-single-pc.md) | Updated instances of the parameter enablePrint, or enablePrinting, to requirePrinting. |
-| [Take a Test app technical reference](take-a-test-app-technical.md) | Added a note that the Alt+F4 key combination for enabling students to exit the test is disabled in Windows 10, version 1703 (Creators Update) and later. Also added more information about the Ctrl+Alt+Del key combination. |
-
-## RELEASE: Windows 10, version 1709 (Fall Creators Update)
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Reset devices with Autopilot Reset](autopilot-reset.md) | New. Learn how you can use this new feature to quickly reset student PCs from the lock screen and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use and returned to a fully configured or known IT-approved state. |
-| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | Updated the *Go back to your previous edition of Windows 10* section with new information on how to work around cases where Win32 apps are blocked after switching from Windows 10 S back to your previous Windows edition. |
-| [Take a Test app technical reference](take-a-test-app-technical.md) | Updated. Starting with Windows 10, version 1709 (Fall Creators Update), assessments can now run in permissive mode. This mode enables students who need access to other apps, like accessibility tools, to use the apps. |
-
-## September 2017
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated the prerequisites to provide more clarification. |
-
-## August 2017
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | New. Find out how you can test Windows 10 S on various Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us. |
-| [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated the instructions to reflect the new or updated functionality in the latest version of the app. |
-
-## July 2017
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Get Minecraft: Education Edition with Windows 10 device promotion](get-minecraft-for-education.md) | New information about redeeming Minecraft: Education Edition licenses with qualifying purchases of Windows 10 devices. |
-| [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Added the how-to video, which shows how to use the app to create a provisioning package that you can use to set up school PCs. |
-| [Take a Test app technical reference](take-a-test-app-technical.md) | Added a Group Policy section to inform you of any policies that affect the Take a Test app or functionality within the app. |
-
-## June 2017
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) | Includes the following updates: - New configuration guidance for IT administrators to enable students and school personnel, who use assistive technology apps not available in the Microsoft Store for Education and use devices running Windows 10 S, to be successful in the classroom and in their jobs. - New configuration information when using Windows 10 S for education. |
-| [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md) | New configuration guidance for IT administrators to enable students and school personnel, who use assistive technology apps not available in the Microsoft Store for Education and use devices running Windows 10 S, to be successful in the classroom and in their jobs. |
-| [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated the recommended apps section to include information about Office 365 for Windows 10 S (Education Preview). |
-
-## May 2017
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) | New. If you have an education tenant and use devices Windows 10 Pro or Windows 10 S in your schools, find out how you can opt in to a free switch to Windows 10 Pro Education. |
-| [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated. Now includes network tips and updated step-by-step instructions that show the latest updates to the app such as Wi-Fi setup. |
-
-## RELEASE: Windows 10, version 1703 (Creators Update)
-
-| New or changed topic | Description|
-| --- | --- |
-| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](/microsoft-365/education/deploy/) | New. Learn how you can quickly and easily use the new Microsoft Education system to implement a full IT cloud solution for your school. |
-| [Microsoft Education documentation and resources](/education) | New. Find links to more content for IT admins, teachers, students, and education app developers. |
-| [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) | New. Provides guidance on ways to configure the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, so that Windows is ready for your school. |
-| [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md) | Updated the screenshots and related instructions to reflect the current UI and experience. |
-| [Set up Windows devices for education](set-up-windows-10.md) | Updated for Windows 10, version 1703. |
-| Set up School PCs app: [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md) [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated. Describes the school-specific settings and policies that Set up School PC configures. Also provides step-by-step instructions for using the latest version of the app to create a provisioning package that you can use to set up student PCs. |
-| Set up using Windows Configuration Designer: [Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md) [Provision student PCs with apps](set-up-students-pcs-with-apps.md) | Updated the information for Windows 10, version 1703. |
-| [Take tests in Windows 10](take-tests-in-windows-10.md) [Set up Take a Test on a single PC](take-a-test-single-pc.md) [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md) [Take a Test app technical reference](take-a-test-app-technical.md) | Updated. Includes new information on ways you can set up the test account and assessment URL and methods for creating and distributing the link. Methods available to you vary depending on whether you're setting up Take a Test on a single PC or multiple PCs. |
-
-## January 2017
-
-| New or changed topic | Description |
-| --- | --- |
-| [For IT administrators - get Minecraft: Education Edition](school-get-minecraft.md) | Updates. Learn how schools can use invoices to pay for Minecraft: Education Edition. |
-
-## December 2016
-
-| New or changed topic | Description |
-| --- | --- |
-| [Upgrade Windows 10 Pro to Pro Education from Microsoft Store for Business] | New. Learn how to opt-in to a free upgrade to Windows 10 Pro Education. As of May 2017, this topic has been replaced with [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md). |
-
-## November 2016
-
-| New or changed topic | Description|
-| --- | --- |
-| [Working with Microsoft Store for Business – education scenarios](education-scenarios-store-for-business.md) | New. Learn about education scenarios for Microsoft Store for Business. |
-| [For teachers - get Minecraft: Education Edition](teacher-get-minecraft.md) | Updates. Subscription support for Minecraft: Education Edition. |
-| [For IT administrators - get Minecraft: Education Edition](school-get-minecraft.md) | Updates. Subscription support for Minecraft: Education Edition. |
-
-
-## RELEASE: Windows 10, version 1607 (Anniversary Update)
-The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added:
-
-- [Set up Windows 10](set-up-windows-10.md)
-- [Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md)
-- [Provision student PCs with apps](set-up-students-pcs-with-apps.md)
-- [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)
-
-## July 2016
-
-| New or changed topic | Description|
-| --- | --- |
-| [Windows 10 editions for education customers](windows-editions-for-education-customers.md) | New. Learn about the two editions in Windows 10, version 1607 that's designed for the needs of K-12 institutions. |
-|[Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)|New. Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, AD DS, and Microsoft Azure AD, use Configuration Manager, Intune, and Group Policy to manage devices. |
-
-## June 2016
-
-| New or changed topic | Description |
-|----------------------|-------------|
-| [Get Minecraft Education Edition](get-minecraft-for-education.md) [For teachers: get Minecraft Education Edition](teacher-get-minecraft.md) [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md) | New. Learn how to get and distribute Minecraft: Education Edition. |
-
-## May 2016
-
-| New or changed topic | Description |
-|----------------------|-------------|
-| [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | New. Learn how the Set up School PCs app works and how to use it. |
-| [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md) | New. Describes the changes that the Set up School PCs app makes to a PC. |
-| [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md) [Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md) [Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md) [Take a Test app technical reference (Preview)](take-a-test-app-technical.md) | New. Learn how to set up and use the Take a Test app. |
-| [Chromebook migration guide](chromebook-migration-guide.md) | Moved from [Windows 10 and Windows 10 Mobile](/windows/deployment/planning/) library, originally published in November 2015 |
-| [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) | Moved from [Windows 10 and Windows 10 Mobile](/windows/deployment/planning/) library, originally published in May 2016 |
\ No newline at end of file
diff --git a/education/windows/change-home-to-edu.md b/education/windows/change-home-to-edu.md
index bb3a601ed0..d6aa215ab3 100644
--- a/education/windows/change-home-to-edu.md
+++ b/education/windows/change-home-to-edu.md
@@ -2,15 +2,11 @@
title: Upgrade Windows Home to Windows Education on student-owned devices
description: Learn how IT Pros can upgrade student-owned devices from Windows Home to Windows Education using Mobile Device Management or Kivuto OnTheHub with qualifying subscriptions.
ms.date: 08/10/2022
-ms.prod: windows
-ms.technology: windows
ms.topic: how-to
-ms.localizationpriority: medium
author: scottbreenmsft
ms.author: scbree
ms.reviewer: paoloma
manager: jeffbu
-ms.collection: education
appliesto:
- ✅ Windows 10
- ✅ Windows 11
diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md
index 3c0e5424ee..5deee8e80f 100644
--- a/education/windows/change-to-pro-education.md
+++ b/education/windows/change-to-pro-education.md
@@ -1,20 +1,12 @@
---
title: Change to Windows 10 Education from Windows 10 Pro
description: Learn how IT Pros can opt into changing to Windows 10 Pro Education from Windows 10 Pro.
-keywords: change, free change, Windows 10 Pro to Windows 10 Pro Education, Windows 10 Pro to Windows 10 Pro Education, education customers, Windows 10 Pro Education, Windows 10 Pro
-ms.prod: windows
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ Windows 10
+appliesto:
+ - ✅ Windows 10
+ms.collection:
+ - highpri
---
# Change to Windows 10 Pro Education from Windows 10 Pro
@@ -81,7 +73,7 @@ You can use Windows Configuration Designer to create a provisioning package that
**Figure 2** - Enter the license key
- 
+ 
3. Complete the rest of the process for creating a provisioning package and then apply the package to the devices you want to change to Windows 10 Pro Education.
@@ -170,16 +162,8 @@ If the Windows device is running Windows 10, version 1703, follow these steps.
1. During initial device setup, on the **How would you like to set up?** page, select **Set up for an organization**, and then click **Next**.
- **Figure 4** - Select how you'd like to set up the device
-
- 
-
2. On the **Sign in with Microsoft** page, enter the username and password to use with Office 365 or other services from Microsoft, and then click **Next**.
- **Figure 5** - Enter the account details
-
- 
-
3. Go through the rest of Windows device setup. Once you're done, the device will be Azure AD joined to your school's subscription.
@@ -305,10 +289,6 @@ You need to synchronize these identities so that users will have a *single ident
(Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure.
-**Figure 13** - On-premises AD DS integrated with Azure AD
-
-
-
For more information about integrating on-premises AD DS domains with Azure AD, see these resources:
- [Integrating your on-premises identities with Azure Active Directory](/azure/active-directory/hybrid/whatis-hybrid-identity)
- [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/)
diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md
index b7d6452223..0c08e17617 100644
--- a/education/windows/chromebook-migration-guide.md
+++ b/education/windows/chromebook-migration-guide.md
@@ -1,19 +1,8 @@
---
title: Chromebook migration guide (Windows 10)
-description: In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment.
-ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA
-keywords: migrate, automate, device, Chromebook migration
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.pagetype: edu, devices
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+description: Learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment.
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
@@ -142,7 +131,7 @@ Table 3. Settings in the Security node in the Google Admin Console
|Set up single sign-on (SSO)|This section is used to configure SSO for Google web-based apps (such as Google Apps Gmail or Google Apps Calendar). While you don’t need to migrate any settings in this section, you probably will want to configure Azure Active Directory synchronization to replace Google-based SSO.|
|Advanced settings|This section is used to configure administrative access to user data and to configure the Google Secure Data Connector (which allows Google Apps to access data on your local network). You don’t need to migrate any settings in this section.|
-**Identify locally-configured settings to migrate**
+**Identify locally configured settings to migrate**
In addition to the settings configured in the Google Admin Console, users may have locally configured their devices based on their own personal preferences (as shown in Figure 2). Table 4 lists the Chromebook user and device settings that you can locally configure. Review the settings and determine which settings you'll migrate to Windows. Some of the settings listed in Table 4 can only be seen when you click the **Show advanced settings** link (as shown in Figure 2).
@@ -150,7 +139,7 @@ In addition to the settings configured in the Google Admin Console, users may ha
Figure 2. Locally configured settings on Chromebook
-Table 4. Locally-configured settings
+Table 4. Locally configured settings
| Section | Settings |
|------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -206,7 +195,7 @@ In addition to Chromebook devices, users may have companion devices (smartphones
After you've identified each companion device, verify the settings for the device that are used to access Office 365. You only need to test one type of each companion device. For example, if users use Android phones to access Google Apps Gmail mailboxes, configure the device to access Office 365 and then record those settings. You can publish those settings on a website or to your helpdesk staff so that users will know how to access their Office 365 mailbox.
-In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify these credentials on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690254).
+In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify these credentials on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](https://support.microsoft.com/office/compare-how-different-mobile-devices-work-with-office-365-bdd06229-776a-4824-947c-82425d72597b).
**Identify the optimal timing for the migration**
@@ -416,11 +405,11 @@ Examine each of the following network infrastructure technologies and services a
For more information that compares Internet bandwidth consumption for Chromebook and Windows devices, see the following resources:
- - [Chromebook vs. Windows Notebook Network Traffic Analysis](https://go.microsoft.com/fwlink/p/?LinkId=690255)
+ - [Chromebook vs. Windows Notebook Network Traffic Analysis](https://www.principledtechnologies.com/Microsoft/Chromebook_PC_network_traffic_0613.pdf)
- - [Hidden Cost of Chromebook Deployments](https://go.microsoft.com/fwlink/p/?LinkId=690256)
+ - [Hidden Cost of Chromebook Deployments](https://www.principledtechnologies.com/Microsoft/Windows_Chromebook_bandwidth_0514.pdf)
- - [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](https://go.microsoft.com/fwlink/p/?LinkId=690257)
+ - [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](https://www.principledtechnologies.com/Microsoft/Windows_8.1_vs_Chromebooks_in_Education_0715.pdf)
- **Power.** Although not specifically a network infrastructure, you need to ensure your classrooms have adequate power. Chromebook and Windows devices should consume similar amounts of power. This condition means that your existing power outlets should support the same number of Windows devices.
@@ -442,15 +431,11 @@ You must perform some of the steps in this section in a specific sequence. Each
The first migration task is to perform any network infrastructure remediation. In the [Plan network infrastructure remediation](#plan-network-infra-remediation) section, you determined the network infrastructure remediation (if any) that you needed to perform.
-It's important that you perform any network infrastructure remediation first because the remaining migration steps are dependent on the network infrastructure. Table 7 lists the Microsoft network infrastructure products and technologies and deployment resources for each.
+It's important that you perform any network infrastructure remediation first because the remaining migration steps are dependent on the network infrastructure. Use the following Microsoft network infrastructure products and technologies:
-Table 7. Network infrastructure products and technologies and deployment resources
-
-|Product or technology|Resources|
-|--- |--- |
-|DHCP|
[Deploying Domain Name System (DNS)](/previous-versions/windows/it-pro/windows-server-2003/cc780661(v=ws.10))|
-
+- [Core network guidance for Windows Server](/windows-server/networking/core-network-guide/core-network-guide-windows-server)
+- [DHCP overview](/windows-server/networking/technologies/dhcp/dhcp-top)
+- [DNS overview](/windows-server/networking/dns/dns-top)
If you use network infrastructure products and technologies from other vendors, refer to the vendor documentation on how to perform the necessary remediation. If you determined that no remediation is necessary, you can skip this section.
@@ -459,34 +444,39 @@ If you use network infrastructure products and technologies from other vendors,
It's important that you perform AD DS and Azure AD services deployment or remediation right after you finish network infrastructure remediation. Many of the remaining migration steps are dependent on you having your identity system (AD DS or Azure AD) in place and up to necessary expectations.
-In the [Plan for Active Directory services](#plan-adservices) section, you determined the AD DS and/or Azure AD deployment or remediation (if any) that needed to be performed. Table 8 list AD DS, Azure AD, and the deployment resources for both. Use the resources in this table to deploy or remediate on-premises AD DS, Azure AD, or both.
+In the [Plan for Active Directory services](#plan-adservices) section, you determined the AD DS and/or Azure AD deployment or remediation (if any) that needed to be performed. Use the following resources to deploy or remediate on-premises AD DS, Azure AD, or both:
-Table 8. AD DS, Azure AD and deployment resources
-
-|Product or technology|Resources|
-|--- |--- |
-|AD DS|
[Azure Active Directory documentation](/azure/active-directory/)
[Manage and support Azure Active Directory Premium](https://go.microsoft.com/fwlink/p/?LinkId=690259)
[Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines](/windows-server/identity/ad-ds/introduction-to-active-directory-domain-services-ad-ds-virtualization-level-100)|
+- [Core network guidance for Windows Server](/windows-server/networking/core-network-guide/core-network-guide-windows-server)
+- [AD DS overview](/windows-server/identity/ad-ds/active-directory-domain-services)
+- [Azure AD documentation](/azure/active-directory/)
+- [Azure AD Premium](https://azure.microsoft.com/pricing/details/active-directory/)
+- [Safely virtualizing Active Directory Domain Services (AD DS)](/windows-server/identity/ad-ds/introduction-to-active-directory-domain-services-ad-ds-virtualization-level-100)|
If you decided not to migrate to AD DS or Azure AD as a part of the migration, or if you determined that no remediation is necessary, you can skip this section. If you use identity products and technologies from another vendor, refer to the vendor documentation on how to perform the necessary steps.
## Prepare device, user, and app management systems
-
In the [Plan device, user, and app management](#plan-userdevapp-manage) section of this guide, you selected the products and technologies that you'll use to manage devices, users, and apps on Windows devices. You need to prepare your management systems prior to Windows 10 device deployment. You'll use these management systems to manage the user and device settings that you selected to migrate in the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section. You need to prepare these systems prior to the migration of user and device settings.
-Table 9 lists the Microsoft management systems and the deployment resources for each. Use the resources in this table to prepare (deploy or remediate) these management systems.
+Use the following Microsoft management systems and the deployment resources to prepare (deploy or remediate) these management systems.
-Table 9. Management systems and deployment resources
+- [Microsoft Intune](/mem/intune/fundamentals/setup-steps)
-|Management system|Resources|
-|--- |--- |
-|Windows provisioning packages|
[Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
[Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
[Step-By-Step: Building Windows 10 Provisioning Packages](/archive/blogs/canitpro/step-by-step-building-windows-10-provisioning-packages)|
-|Group Policy|
[Core Network Companion Guide: Group Policy Deployment](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj899807(v=ws.11))
[Deploying Group Policy](/previous-versions/windows/it-pro/windows-server-2003/cc737330(v=ws.10))"|
-|Configuration Manager|
[Site Administration for Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg681983(v=technet.10))
[Deploying Clients for Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699391(v=technet.10))|
-|Intune|
[Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262)
[System Center 2012 R2 Configuration Manager & Windows Intune](/learn/?l=fCzIjVKy_6404984382)|
-|MDT|
[Step-By-Step: Installing Windows 8.1 From A USB Key](/archive/blogs/canitpro/step-by-step-installing-windows-8-1-from-a-usb-key)|
+- [Windows Autopilot](/mem/autopilot/windows-autopilot)
+- Microsoft Endpoint Configuration Manager [core infrastructure documentation](/mem/configmgr/core/)
+
+- Provisioning packages:
+
+ - [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
+ - [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
+ - [Step-By-Step: Building Windows 10 Provisioning Packages](/archive/blogs/canitpro/step-by-step-building-windows-10-provisioning-packages)
+
+- Group policy
+
+ - [Core Network Companion Guide: Group Policy Deployment](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj899807(v=ws.11))
+ - [Deploying Group Policy](/previous-versions/windows/it-pro/windows-server-2003/cc737330(v=ws.10))
+
If you determined that no new management system or no remediation of existing systems is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps.
## Perform app migration or replacement
@@ -494,21 +484,19 @@ If you determined that no new management system or no remediation of existing sy
In the [Plan for app migration or replacement](#plan-app-migrate-replace) section, you identified the apps currently in use on Chromebook devices and selected the Windows apps that will replace the Chromebook apps. You also performed app compatibility testing for web apps to ensure that web apps on the Chromebook devices would run on Microsoft Edge and Internet Explorer.
-In this step, you need to configure your management system to deploy the apps to the appropriate Windows users and devices. Table 10 lists the Microsoft management systems and the app deployment resources for each. Use the resources in this table to configure these management systems to deploy the apps that you selected in the [Plan for app migration or replacement](#plan-app-migrate-replace) section of this guide.
+In this step, you need to configure your management system to deploy the apps to the appropriate Windows users and devices. Use the following Microsoft management systems and the app deployment resources to configure these management systems to deploy the apps that you selected in the [Plan for app migration or replacement](#plan-app-migrate-replace) section of this guide.
-Table 10. Management systems and app deployment resources
-
-|Management system|Resources|
-|--- |--- |
-|Group Policy|
[Editing an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791894(v=ws.10))
[Assigning and Publishing Software](/previous-versions/windows/it-pro/windows-server-2003/cc783635(v=ws.10))|
-|Configuration Manager|
[How to Deploy Applications in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682082(v=technet.10))
[Application Management in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg699373(v=technet.10))|
-|Intune|
[Manage apps with Microsoft Intune](/mem/intune/)|
+- [Manage apps in Microsoft Intune](/mem/intune/apps/)
+- [App management in Configuration Manager](/mem/configmgr/apps/)
+- Group policy
+ - [Edit an AppLocker policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791894(v=ws.10))
+ - [Group policy software deployment background](/previous-versions/windows/it-pro/windows-server-2003/cc739305(v=ws.10))
+ - [Assigning and publishing software](/previous-versions/windows/it-pro/windows-server-2003/cc783635(v=ws.10))
If you determined that no deployment of apps is necessary, you can skip this section. If you use a management system from another vendor, refer to the vendor documentation on how to perform the necessary steps.
## Perform migration of user and device settings
-
In the [Plan for migration of user and device settings](#plan-migrate-user-device-settings) section, you determined the user and device settings that you want to migrate. You selected settings that are configured in the Google Admin Console and locally on the Chromebook device.
Perform the user and device setting migration by using the following steps:
@@ -534,7 +522,7 @@ Alternatively, if you want to migrate to Office 365 from:
- **On-premises Microsoft Exchange Server.** Use the following resources to migrate to Office 365 from an on-premises Microsoft Exchange Server:
- - [Cutover Exchange Migration and Single Sign-On](https://go.microsoft.com/fwlink/p/?LinkId=690266)
+ - [What you need to know about a cutover email migration in Exchange Online](/exchange/mailbox-migration/what-to-know-about-a-cutover-migration)
- [Step-By-Step: Migration of Exchange 2003 Server to Office 365](/archive/blogs/canitpro/step-by-step-migration-of-exchange-2003-server-to-office-365)
@@ -544,7 +532,6 @@ Alternatively, if you want to migrate to Office 365 from:
## Perform cloud storage migration
-
In the [Plan for cloud storage migration](#plan-cloud-storage-migration) section, you identified the cloud storage services currently in use, selected the Microsoft cloud storage services that you'll use, and optimized your cloud storage services migration plan. You can perform the cloud storage migration before or after you deploy the Windows devices.
Manually migrate the cloud storage migration by using the following steps:
@@ -577,7 +564,9 @@ In the [Select a Windows device deployment strategy](#select-windows-device-depl
For example, if you selected to deploy Windows devices by each classroom, start with the first classroom and then proceed through all of the classrooms until you’ve deployed all Windows devices.
-In some instances, you may receive the devices with Windows 10 already deployed, and want to use provisioning packages. In other cases, you may have a custom Windows 10 image that you want to deploy to the devices by using Configuration Manager and/or MDT. For information on how to deploy Windows 10 images to the devices, see the following resources:
+In some instances, you may receive the devices with Windows 10 already deployed, and want to use provisioning packages. In other cases, you may have a custom Windows 10 image that you want to deploy to the devices by using Configuration Manager or MDT. For more information on how to deploy Windows 10 images to the devices, see the following resources:
+
+- [OS deployment in Configuration Manager](/mem/configmgr/osd/)
- [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
@@ -585,8 +574,6 @@ In some instances, you may receive the devices with Windows 10 already deployed
- [Step-By-Step: Installing Windows 8.1 From A USB Key](/archive/blogs/canitpro/step-by-step-installing-windows-8-1-from-a-usb-key)
-- [Operating System Deployment in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682018(v=technet.10))
-
In addition to the Windows 10 image deployment, you may need to perform the following tasks as a part of device deployment:
- Enroll the device with your management system.
@@ -601,10 +588,6 @@ After you complete these steps, your management system should take over the day-
## Related topics
-
[Try it out: Windows 10 deployment (for education)](../index.yml)
[Try it out: Windows 10 in the classroom](../index.yml)
-
-
-
diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md
index 4b876aa023..6ef47f7153 100644
--- a/education/windows/configure-windows-for-education.md
+++ b/education/windows/configure-windows-for-education.md
@@ -1,18 +1,8 @@
---
title: Windows 10 configuration recommendations for education customers
-description: Provides guidance on ways to configure the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, so that Windows is ready for your school.
-keywords: Windows 10 deployment, recommendations, privacy settings, school, education, configurations, accessibility, assistive technology
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.prod: windows
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+description: Learn how to configure the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, so that Windows is ready for your school.
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
@@ -92,20 +82,14 @@ Use one of these methods to set this policy.
- Data type: Integer
- Value: 0
- 
-
### Group Policy
Set **Computer Configuration > Administrative Templates > Windows Components > Search > AllowCortana** to **Disabled**.
-
-
### Provisioning tools
- [Set up School PCs](use-set-up-school-pcs-app.md) always sets this policy in provisioning packages it creates.
- [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package)
- Under **Runtime settings**, click the **Policies** settings group, set **Experience > Cortana** to **No**.
- 
-
## SetEduPolicies
**SetEduPolicies** is a policy that applies a set of configuration behaviors to Windows. It's a policy node in the [SharedPC configuration service provider](/windows/client-management/mdm/sharedpc-csp).
@@ -145,7 +129,7 @@ For example:
- [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package)
- Under **Runtime settings**, click the **SharedPC** settings group, set **PolicyCustomization > SetEduPolicies** to **True**.
- 
+ 
## Ad-free search with Bing
Provide an ad-free experience that is a safer, more private search option for K–12 education institutions in the United States.
diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md
index d0a8aa44bd..6d13cc8c9d 100644
--- a/education/windows/deploy-windows-10-in-a-school-district.md
+++ b/education/windows/deploy-windows-10-in-a-school-district.md
@@ -1,18 +1,8 @@
---
title: Deploy Windows 10 in a school district (Windows 10)
description: Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD), use Microsoft Endpoint Configuration Manager, Intune, and Group Policy to manage devices.
-keywords: configure, tools, device, school district, deploy Windows 10
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.pagetype: edu
-ms.sitesec: library
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
@@ -1278,9 +1268,9 @@ You've now identified the tasks you need to perform monthly, at the end of an ac
* [Try it out: Windows 10 in the classroom](../index.yml)
* [Chromebook migration guide](./chromebook-migration-guide.md)
* [Deploy Windows 10 in a school](./deploy-windows-10-in-a-school.md)
-* [Automate common Windows 10 deployment and configuration tasks for a school environment (video)](./index.md)
-* [Deploy a custom Windows 10 Start menu layout for a school (video)](./index.md)
-* [Manage Windows 10 updates and upgrades in a school environment (video)](./index.md)
-* [Reprovision devices at the end of the school year (video)](./index.md)
-* [Use MDT to deploy Windows 10 in a school (video)](./index.md)
-* [Use Microsoft Store for Business in a school environment (video)](./index.md)
+* [Automate common Windows 10 deployment and configuration tasks for a school environment (video)](./index.yml)
+* [Deploy a custom Windows 10 Start menu layout for a school (video)](./index.yml)
+* [Manage Windows 10 updates and upgrades in a school environment (video)](./index.yml)
+* [Reprovision devices at the end of the school year (video)](./index.yml)
+* [Use MDT to deploy Windows 10 in a school (video)](./index.yml)
+* [Use Microsoft Store for Business in a school environment (video)](./index.yml)
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index d9d1aff417..cb598bc6fd 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -1,29 +1,14 @@
---
title: Deploy Windows 10 in a school (Windows 10)
description: Learn how to integrate your school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD). Deploy Windows 10 and apps to new devices or upgrade existing devices to Windows 10. Manage faculty, students, and devices by using Microsoft Intune and Group Policy.
-keywords: configure, tools, device, school, deploy Windows 10
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.pagetype: edu
-ms.sitesec: library
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
# Deploy Windows 10 in a school
-
-**Applies to**
-
-- Windows 10
-
This guide shows you how to deploy the Windows 10 operating system in a school environment. You learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. This guide also describes how to use Microsoft Intune and Group Policy to manage devices. Finally, the guide discusses common, ongoing maintenance tasks that you'll perform after initial deployment and the automated tools and built-in features of the operating system.
## Prepare for school deployment
diff --git a/education/windows/index.md b/education/windows/deploy-windows-10-overview.md
similarity index 89%
rename from education/windows/index.md
rename to education/windows/deploy-windows-10-overview.md
index 3977c5f664..8b772d160c 100644
--- a/education/windows/index.md
+++ b/education/windows/deploy-windows-10-overview.md
@@ -1,27 +1,15 @@
---
title: Windows 10 for Education (Windows 10)
description: Learn how to use Windows 10 in schools.
-keywords: Windows 10, education
-ms.prod: windows
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
# Windows 10 for Education
-
-
-##  Learn
+## Learn
**[Windows 10 editions for education customers](windows-editions-for-education-customers.md)**
@@ -35,7 +23,7 @@ Find out more about the features and functionality we support in each edition of
When you've made your decision, find out how to buy Windows for your school.
-##  Plan
+## Plan
**[Windows 10 configuration recommendations for education customers](configure-windows-for-education.md)**
@@ -49,7 +37,7 @@ Learn how to customize the OS privacy settings, Skype, and Xbox for Windows-base
Minecraft Education Edition is built for learning. Learn how to get early access and add it to your Microsoft Store for Business for distribution.
-**[Take tests in Windows 10](take-tests-in-windows-10.md)**
+**[Take tests in Windows](take-tests-in-windows.md)**
Take a Test is a new app that lets you create the right environment for taking tests. Learn how to use and get it set up.
@@ -57,7 +45,7 @@ Take a Test is a new app that lets you create the right environment for taking t
Find out how you can migrate a Chromebook-based learning environment to a Windows 10-based learning environment.
-##  Deploy
+## Deploy
**[Set up Windows devices for education](set-up-windows-10.md)**
@@ -75,7 +63,7 @@ Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across
Test Windows 10 S on various Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us.
-##  Switch
+## Switch
**[Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md)**
diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md
index c29d3d4a47..983f31ed85 100644
--- a/education/windows/edu-deployment-recommendations.md
+++ b/education/windows/edu-deployment-recommendations.md
@@ -1,17 +1,8 @@
---
title: Deployment recommendations for school IT administrators
description: Provides guidance on ways to customize the OS privacy settings, and some of the apps, for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.
-keywords: Windows 10 deployment, recommendations, privacy settings, school
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.prod: windows
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: guide
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
@@ -26,21 +17,17 @@ We want all students to have the chance to use the apps they need for success in
Keep these best practices in mind when deploying any edition of Windows 10 in schools or districts:
-* A Microsoft account is only intended for consumer services. Enterprises and educational institutions should use enterprise versions where possible, such as Skype for Business, OneDrive for Business, and so on. For schools, consider using mobile device management (MDM) or Group Policy to block students from adding a Microsoft account as a secondary account.
-
-* If schools allow the use of personal accounts by their students to access personal services, schools should be aware that these accounts belong to individuals, not the school.
-
-* IT administrators, school officials, and teachers should also consider ratings when picking apps from the Microsoft Store.
-
-* If you've students or school personnel who rely on assistive technology apps that aren't available in the Microsoft Store for Education, and who are using a Windows 10 S device, configure their device to Windows 10 Pro Education to allow the download and use of non-Microsoft Store assistive technology apps. See [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) for more info.
+* A Microsoft account is only intended for consumer services. Enterprises and educational institutions should use enterprise versions where possible, such as Skype for Business, OneDrive for Business, and so on. For schools, consider using mobile device management (MDM) or Group Policy to block students from adding a Microsoft account as a secondary account
+* If schools allow the use of personal accounts by their students to access personal services, schools should be aware that these accounts belong to individuals, not the school
+* IT administrators, school officials, and teachers should also consider ratings when picking apps from the Microsoft Store
+* If you've students or school personnel who rely on assistive technology apps that aren't available in the Microsoft Store for Education, and who are using a Windows 10 S device, configure their device to Windows 10 Pro Education to allow the download and use of non-Microsoft Store assistive technology apps. See [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) for more info
## Windows 10 Contacts privacy settings
If you’re an IT administrator who deploys Windows 10 in a school or district, we recommend that you review these deployment resources to make informed decisions about how you can configure telemetry for your school or district:
-* [Configure Windows telemetry in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) - Describes the types of telemetry we gather and the ways you can manage this data.
-
-* [Manage connections from Windows operating system components to Microsoft services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) - Learn about network connections that Windows components make to Microsoft and also the privacy settings (such as location, camera, messaging, and more) that affect data that is shared with either Microsoft or apps and how you can manage this data.
+* [Configure Windows telemetry in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) - Describes the types of telemetry we gather and the ways you can manage this data
+* [Manage connections from Windows operating system components to Microsoft services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) - Learn about network connections that Windows components make to Microsoft and also the privacy settings (such as location, camera, messaging, and more) that affect data that is shared with either Microsoft or apps and how you can manage this data
In particular, the **Contacts** area in the **Settings** > **Privacy** section lets you choose which apps can access a student’s contacts list. By default, this setting is turned on.
@@ -53,37 +40,24 @@ To change the setting, you can:
To turn off access to contacts for all apps on individual Windows devices:
1. On the computer, go to **Settings** and select **Privacy**.
-
- 
-
-2. Under the list of **Privacy** areas, select **Contacts**.
-
- 
-
-3. Turn off **Let apps access my contacts**.
+1. Under the list of **Privacy** areas, select **Contacts**.
+1. Turn off **Let apps access my contacts**.
For IT-managed Windows devices, you can use a Group Policy to turn off the setting. To turn off the setting:
1. Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts**.
-
-2. Set the **Select a setting** box to **Force Deny**.
+1. Set the **Select a setting** box to **Force Deny**.
### Choose the apps that you want to allow access to contacts
If you want to allow only certain apps to have access to contacts, you can use the switch for each app to specify which ones you want on or off.
-
-
The list of apps on the Windows-based device may vary from the above example. The list depends on what apps you've installed and which of these apps access contacts.
To allow only certain apps to have access to contacts, you can:
-* Configure each app individually using the **Settings** > **Contacts** option in the Windows UI
-
-* Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts** and then specify the default for each app by adding the app's Package Family Name under the default behavior you want to enforce.
-
- 
-
+- Configure each app individually using the **Settings** > **Contacts** option in the Windows UI
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts** and then specify the default for each app by adding the app's Package Family Name under the default behavior you want to enforce
## Skype and Xbox settings
@@ -108,10 +82,8 @@ Skype uses the user’s contact details to deliver important information about t
To manage and edit your profile in the Skype UWP app, follow these steps:
-1. In the Skype UWP app, select the user profile icon  to go to the user’s profile page.
-
+1. In the Skype UWP app, select the user profile icon to go to the user's profile page.
2. In the account page, select **Manage account** for the Skype account that you want to change. This will take you to the online Skype portal.
-
3. In the online Skype portal, scroll down to the **Account details** section. In **Settings and preferences**, click **Edit profile**.
The profile page includes these sections:
@@ -121,16 +93,11 @@ To manage and edit your profile in the Skype UWP app, follow these steps:
* Profile settings
4. Review the information in each section and click **Edit profile** in either or both the **Personal information** and **Contact details** sections to change the information being shared. You can also remove the checks in the **Profile settings** section to change settings on discoverability, notifications, and staying in touch.
-
5. If you don't wish the name to be included, edit the fields and replace the fields with **XXX**.
-
6. To change the profile picture, go to the Skype app and click on the current profile picture or avatar. The **Manage Profile Picture** window pops up.
- 
-
- * To take a new picture, click the camera icon in the pop-up window. To upload a new picture, click the three dots (**...**).
-
- * You can also change the visibility of the profile picture between public (everyone) or for contacts only. To change the profile picture visibility, select the dropdown under **Profile picture** and choose between **Show to everyone** or **Show to contacts only**.
+ * To take a new picture, click the camera icon in the pop-up window. To upload a new picture, click the three dots (**...**)
+ * You can also change the visibility of the profile picture between public (everyone) or for contacts only. To change the profile picture visibility, select the dropdown under **Profile picture** and choose between **Show to everyone** or **Show to contacts only**
#### Xbox
@@ -150,10 +117,9 @@ To delete a Skype account, you can follow the instructions here: [How do I close
If you need help with deleting the account, you can contact Skype customer service by going to the [Skype support request page](https://go.microsoft.com/fwlink/?LinkId=816519). You may need to sign in and specify a Skype account. Once you’ve signed in, you can:
1. Select a help topic (**Account and Password**)
-2. Select a related problem (**Deleting an account**)
-3. Click **Next**.
-4. Select a contact method to get answers to your questions.
-
+1. Select a related problem (**Deleting an account**)
+1. Click **Next**.
+1. Select a contact method to get answers to your questions.
#### Xbox
diff --git a/education/windows/edu-stickers.md b/education/windows/edu-stickers.md
new file mode 100644
index 0000000000..0c40174ed0
--- /dev/null
+++ b/education/windows/edu-stickers.md
@@ -0,0 +1,74 @@
+---
+title: Configure Stickers for Windows 11 SE
+description: Learn about the Stickers feature and how to configure it via Intune and provisioning package.
+ms.date: 09/15/2022
+ms.topic: how-to
+appliesto:
+ - ✅ Windows 11 SE, version 22H2
+ms.collection:
+ - highpri
+---
+
+# Configure Stickers for Windows 11 SE
+
+Starting in **Windows 11 SE, version 22H2**, *Stickers* is a new feature that allows students to decorate their desktop with digital stickers. Students can choose from over 500 cheerful, education-friendly digital stickers. Stickers can be arranged, resized, and customized on top of the desktop background. Each student's stickers remain, even when the background changes.
+
+Similar to the [education theme packs](edu-themes.md), Stickers is a personalization feature that helps the device feel like it was designed for students.
+
+:::image type="content" source="./images/win-11-se-stickers.png" alt-text="Windows 11 SE desktop with 3 stickers" border="true":::
+
+Stickers are simple to use, and give students an easy way to express themselves by decorating their desktop, helping to make learning fun.
+
+## Benefits of Stickers
+
+When students feel like they can express themselves at school, they pay more attention and learn, which benefits students, teachers, and the school community. Self-expression is critical to well-being and success at school. Customizing a device is one way to express a personal brand.
+
+With Stickers, students feel more attached to the device as they feel as if it's their own, they take better care of it, and it's more likely to last.
+
+## Enable Stickers
+
+Stickers aren't enabled by default. Follow the instructions below to configure your devices using either Microsoft Intune or a provisioning package (PPKG).
+
+#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
+
+To configure devices using Microsoft Intune, create a [custom policy][MEM-1] with the following settings:
+
+| Setting |
+|--------|
+|
|
+
+Assign the policy to a security group that contains as members the devices or users that you want to configure.
+
+#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
+
+To configure devices using a provisioning package, [create a provisioning package][WIN-1] using Windows Configuration Designer (WCD) with the following settings:
+
+| Setting |
+|--------|
+|
Path: **`Education/AllowStickers`**
Value: **True**
|
+
+Follow the steps in [Apply a provisioning package][WIN-2] to apply the package that you created.
+
+---
+
+## How to use Stickers
+
+Once the Stickers feature is enabled, the sticker editor can be opened by either:
+
+- using the contextual menu on the desktop and selecting the option **Add or edit stickers**
+- opening the Settings app > **Personalization** > **Background** > **Add stickers**
+
+:::image type="content" source="./images/win-11-se-stickers-menu.png" alt-text="Windows 11 SE desktop contextual menu to open the sticker editor" border="true":::
+
+Multiple stickers can be added from the picker by selecting them. The stickers can be resized, positioned or deleted from the desktop by using the mouse, keyboard, or touch.
+
+:::image type="content" source="./images/win-11-se-stickers-animation.gif" alt-text="animation showing Windows 11 SE desktop with 4 pirate stickers being resized and moved" border="true":::
+
+Select the *X button* at the top of the screen to save your progress and close the sticker editor.
+
+-----------
+
+[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
+
+[WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package
+[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package
\ No newline at end of file
diff --git a/education/windows/edu-take-a-test-kiosk-mode.md b/education/windows/edu-take-a-test-kiosk-mode.md
new file mode 100644
index 0000000000..a3d8944c42
--- /dev/null
+++ b/education/windows/edu-take-a-test-kiosk-mode.md
@@ -0,0 +1,227 @@
+---
+title: Configure Take a Test in kiosk mode
+description: Learn how to configure Windows to execute the Take a Test app in kiosk mode, using Intune and provisioning packages.
+ms.date: 09/30/2022
+ms.topic: how-to
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Configure Take a Test in kiosk mode
+
+Executing Take a Test in kiosk mode is the recommended option for high stakes assessments, such as mid-term exams. In this mode, Windows will execute Take a Test in a lock-down mode, preventing the execution of any applications other than Take a Test. Students must sign in using a test-taking account.
+
+The configuration of Take a Test in kiosk mode can be done using:
+
+- Microsoft Intune/MDM
+- a provisioning package (PPKG)
+- PowerShell
+- the Settings app
+
+When using the Settings app, you can configure Take a Test in kiosk mode using a local account only. This option is recommended for devices that aren't managed.
+The other options allow you to configure Take a Test in kiosk mode using a local account, an account defined in the directory, or a guest account.
+
+> [!TIP]
+> While you could create a single account in the directory to be the dedicated test-taking account, it is recommended to use a guest account. This way, you don't get into a scenario where the testing account is locked out due to bad password attempts or other factors.
+>
+> An additional benefit of using a guest account, is that your students don't have to type a password to access the test.
+
+Follow the instructions below to configure your devices, selecting the option that best suits your needs.
+
+#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
+
+You can use Intune for Education or a custom profile in Microsoft Intune:
+
+- Intune for Education provides a simpler experience
+- A custom profile provides more flexibility and controls over the configuration
+
+> [!IMPORTANT]
+> Currently, the policy created in Intune for Education is applicable to Windows 10 and Windows 11 only. **It will not apply to Windows 11 SE devices.**
+>
+> If you want to configure Take a Test for Windows 11 SE devices, you must use a custom policy.
+
+### Configure Take a Test from Intune for Education
+
+To configure devices using Intune for Education, follow these steps:
+
+1. Sign in to the Intune for Education portal
+1. Select **Groups** > Pick a group to configure Take a Test for
+1. Select **Windows device settings**
+1. Expand the **Take a Test profiles** category and select **+ Assign new Take a Test profile**
+1. Specify a **Profile Name**, **Account Name**, **Assessment URL** and, optionally, **Description** and options allowed during the test
+1. Select **Create and assign profile**
+
+:::image type="content" source="./images/takeatest/intune-education-take-a-test-profile.png" alt-text="Intune for Education - creation of a Take a Test profile." lightbox="./images/takeatest/intune-education-take-a-test-profile.png" border="true":::
+
+### Configure Take a Test with a custom policy
+
+To configure devices using Microsoft Intune, create a [custom policy][MEM-1] with the following settings:
+
+| Setting |
+|--------|
+|
|
+
+:::image type="content" source="./images/takeatest/intune-take-a-test-custom-profile.png" alt-text="Intune portal - creation of a custom policy to configure Take a Test." lightbox="./images/takeatest/intune-take-a-test-custom-profile.png" border="true":::
+
+Assign the policy to a security group that contains as members the devices or users that you want to configure.
+
+#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
+
+To create a provisioning package, you can either use Set up School PCs or Windows Configuration Designer:
+
+- Set up School PCs provides a simpler, guided experience
+- Windows Configuration Designer provides more flexibility and controls over the configuration
+
+### Create a provisioning package using Set up School PCs
+
+Create a provisioning package using the Set up School PCs app, configuring the settings in the **Set up the Take a Test app** page.
+
+:::image type="content" source="./images/takeatest/suspcs-take-a-test.png" alt-text="Set up School PCs app - Take a test page" lightbox="./images/takeatest/suspcs-take-a-test.png" border="true":::
+
+### Create a provisioning package using Windows Configuration Designer
+
+[Create a provisioning package][WIN-1] using Windows Configuration Designer with the following settings:
+
+| Setting |
+|--------|
+|
Value: **Take a Test** (or a string of your choice to display in the sing-in screen)
|
+|
Path: **`TakeATest/LaunchURI/`**
Value: **\**
|
+
+:::image type="content" source="./images/takeatest/wcd-take-a-test.png" alt-text="Windows Configuration Designer - configuration of policies to enable Take a Test to run in kiosk mode" lightbox="./images/takeatest/wcd-take-a-test.png" border="true":::
+
+Follow the steps in [Apply a provisioning package][WIN-2] to apply the package that you created.
+
+#### [:::image type="icon" source="images/icons/powershell.svg"::: **PowerShell**](#tab/powershell)
+
+Configure your devices using PowerShell scripts via the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). For more information, see [Using PowerShell scripting with the WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).
+
+> [!TIP]
+> PowerShell scripts can be executed as scheduled tasks via Group Policy.
+
+> [!IMPORTANT]
+> For all device settings, the WMI Bridge client must be executed as SYSTEM (LocalSystem) account.
+>
+> To test a PowerShell script, you can:
+> 1. [Download the psexec tool](/sysinternals/downloads/psexec)
+> 1. Open an elevated command prompt and run: `psexec.exe -i -s powershell.exe`
+> 1. Run the script in the PowerShell session
+
+Edit the following sample PowerShell script to:
+
+- Customize the assessment URL with **$testURL**
+- Change the kiosk user tile name displayed in the sign-in screen with **$userTileName**
+
+```powershell
+$testURL = "https://contoso.com/algebra-exam"
+$userTileName = "Take a Test"
+$namespaceName = "root\cimv2\mdm\dmmap"
+$ParentID="./Vendor/MSFT/Policy/Config"
+
+#Configure SharedPC
+$className = "MDM_SharedPC"
+$instance = "SharedPC"
+$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className
+if (-not ($cimObject)) {
+ $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance}
+}
+$cimObject.AccountModel = 1
+$cimObject.EnableAccountManager = $true
+$cimObject.KioskModeAUMID = "Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App"
+$cimObject.KioskModeUserTileDisplayText = $userTileName
+Set-CimInstance -CimInstance $cimObject
+
+#Configure SecureAssessment
+$className = "MDM_SecureAssessment"
+$instance = "SecureAssessment"
+$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className
+if (-not ($cimObject)) {
+ $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance}
+}
+$cimObject.LaunchURI= $testURL
+Set-CimInstance -CimInstance $cimObject
+
+#Configure interactive logon
+$className = "MDM_Policy_Config01_LocalPoliciesSecurityOptions02"
+$instance = "LocalPoliciesSecurityOptions"
+$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className
+if (-not ($cimObject)) {
+ $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance}
+}
+$cimObject.InteractiveLogon_DoNotDisplayLastSignedIn = 1
+Set-CimInstance -CimInstance $cimObject
+
+#Configure Windows logon
+$className = "MDM_Policy_Config01_WindowsLogon02"
+$instance = "WindowsLogon"
+$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className
+if (-not ($cimObject)) {
+ $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance}
+}
+$cimObject.HideFastUserSwitching = 1
+Set-CimInstance -CimInstance $cimObject
+```
+
+#### [:::image type="icon" source="images/icons/windows-os.svg"::: **Settings app**](#tab/win)
+
+To create a local account, and configure Take a Test in kiosk mode using the Settings app:
+
+1. Sign into the Windows device with an administrator account
+1. Open the **Settings** app and select **Accounts** > **Other Users**
+1. Under **Other users**, select **Add account** > **I don't have this person's sign-in information** > **Add a user without a Microsoft account**
+1. Provide a user name and password for the account that will be used for testing
+ :::image type="content" source="./images/takeatest/settings-accounts-create-take-a-test-account.png" alt-text="Use the Settings app to create a test-taking account." border="true":::
+1. Select **Accounts > Access work or school**
+1. Select **Create a test-taking account**
+ :::image type="content" source="./images/takeatest/settings-accounts-set-up-take-a-test-account.png" alt-text="Use the Settings app to set up a test-taking account." border="true":::
+1. Under **Add an account for taking tests**, select **Add account** > Select the account created in step 4
+ :::image type="content" source="./images/takeatest/settings-accounts-choose-take-a-test-account.png" alt-text="Use the Settings app to choose the test-taking account." border="true":::
+1. Under **Enter the tests's web address**, enter the assessment URL
+1. Under **Test taking settings** select the options you want to enable during the test
+ - To enable printing, select **Require printing**
+
+ > [!NOTE]
+ > Make sure a printer is pre-configured on the Take a Test account if you're enabling this option.
+
+ - To enable teachers to monitor screens, select **Allow screen monitoring**
+ - To allow text suggestions, select **Allow text suggestions**
+
+1. To take the test, a student must sign in using the test-taking account selected in step 4
+ :::image type="content" source="./images/takeatest/login-screen-take-a-test-single-pc.png" alt-text="Windows 11 SE login screen with the take a test account." border="true":::
+
+ > [!NOTE]
+ > To sign-in with a local account on a device that is joined to Azure AD or Active Directory, you must prefix the username with either `\` or `.\`.
+
+---
+
+## How to use Take a Test in kiosk mode
+
+Once the devices are configured, a new user tile will be available in the sign-in screen. If selected, Take a Test will be executed in kiosk mode using the guest account, opening the assessment URL.
+
+## How to exit Take a Test
+
+To exit the Take a Test app at any time, press Ctrl+Alt+Delete. You'll be prompted to sign out of the test-taking account, or return to the test. Once signed out, the device will be unlocked from kiosk mode and can be used as normal.
+
+The following animation shows the process of signing in to the test-taking account, taking a test, and exiting the test:
+
+:::image type="content" source="./images/takeatest/sign-in-sign-out.gif" alt-text="Signing in and signing out with a test account" border="true":::
+
+-----------
+
+[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
+[MEM-2]: /mem/intune/configuration/settings-catalog
+
+[WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package
+[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package
\ No newline at end of file
diff --git a/education/windows/edu-themes.md b/education/windows/edu-themes.md
new file mode 100644
index 0000000000..a477121ca5
--- /dev/null
+++ b/education/windows/edu-themes.md
@@ -0,0 +1,59 @@
+---
+title: Configure education themes for Windows 11
+description: Learn about education themes for Windows 11 and how to configure them via Intune and provisioning package.
+ms.date: 09/15/2022
+ms.topic: how-to
+appliesto:
+- ✅ Windows 11, version 22H2
+- ✅ Windows 11 SE, version 22H2
+---
+
+# Configure education themes for Windows 11
+
+Starting in **Windows 11, version 22H2**, you can deploy education themes to your devices. The education themes are designed for students using devices in a school.
+
+:::image type="content" source="./images/win-11-se-themes-1.png" alt-text="Windows 11 desktop with 3 stickers" border="true":::
+
+Themes allow the end user to quickly configure the look and feel of the device, with preset wallpaper, accent color, and other settings.
+Students can choose their own themes, making it feel the device is their own. When students feel more ownership over their device, they tend to take better care of it. This is great news for schools looking to give that same device to a new student the next year.
+
+## Enable education themes
+
+Education themes aren't enabled by default. Follow the instructions below to configure your devices using either Microsoft Intune or a provisioning package (PPKG).
+
+#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
+
+To configure devices using Microsoft Intune, create a [custom policy][MEM-1] with the following settings:
+
+| Setting |
+|--------|
+|
|
+
+Assign the policy to a security group that contains as members the devices or users that you want to configure.
+
+#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
+
+To configure devices using a provisioning package, [create a provisioning package][WIN-1] using Windows Configuration Designer (WCD), with the following settings:
+
+| Setting |
+|--------|
+|
Path: **`Education/EnableEduThemes`**
Value: **True**
|
+
+Follow the steps in [Apply a provisioning package][WIN-2] to apply the package that you created.
+
+---
+
+## How to use the education themes
+
+Once the education themes are enabled, the device will download them as soon as a user signs in to the device.
+
+To change the theme, select **Settings** > **Personalization** > **Themes** > **Select a theme**
+
+:::image type="content" source="./images/win-11-se-themes.png" alt-text="Windows 11 education themes selection" border="true":::
+
+-----------
+
+[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
+
+[WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package
+[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package
\ No newline at end of file
diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md
index 4fbe0e9f89..cf50d7cf3e 100644
--- a/education/windows/education-scenarios-store-for-business.md
+++ b/education/windows/education-scenarios-store-for-business.md
@@ -1,21 +1,12 @@
---
title: Education scenarios Microsoft Store for Education
description: Learn how IT admins and teachers can use Microsoft Store for Education to acquire and manage apps in schools.
-keywords: school, Microsoft Store for Education, Microsoft education store
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.localizationpriority: medium
-searchScope:
- - Store
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: article
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
---
# Working with Microsoft Store for Education
@@ -42,8 +33,6 @@ Admins can control whether or not teachers are automatically assigned the **Basi
2. Click **Manage**, and then click **Settings**.
3. On **Shop**, select or clear **Make everyone a Basic Purchaser**.
-
-
> [!NOTE]
> **Make everyone a Basic Purchaser** is on by default.
@@ -55,7 +44,6 @@ When **Make everyone a Basic Purchaser** is turned off, admins can manually assi
2. Click **Manage**, and then choose **Permissions**.
3. On **Roles**, click **Assign roles**, type and select a name, choose the role you want to assign, and then click **Save**.
- 
**Blocked Basic Purchasers**
@@ -83,7 +71,7 @@ As an admin, you can remove any of these apps from the private store if you'd pr
Applies to: IT admins
### Self-service sign up
-Self-service sign up makes it easier for teachers and students in your organization to get started with **Minecraft: Education Edition**. If you have self-service sign up enabled in your tenant, teachers can assign **Minecraft: Education Edition** to students before they have a work or school account. Students receive an email that steps them through the process of signing up for a work or school account. For more information on self-service sign up, see [Using self-service sign up in your organization](https://support.office.com/article/Using-self-service-sign-up-in-your-organization-4f8712ff-9346-4c6c-bb63-a21ad7a62cbd?ui=en-US&rs=en-US&ad=US).
+Self-service sign-up makes it easier for users in your organization to sign up for online services from Microsoft. We call this sign up process "self-service sign-up" because your users can sign up to use services paid by your subscription, or use free services, without asking you to take action on their behalf. For more information on self-service sign up, see [Using self-service sign up in your organization](https://support.office.com/article/Using-self-service-sign-up-in-your-organization-4f8712ff-9346-4c6c-bb63-a21ad7a62cbd?ui=en-US&rs=en-US&ad=US).
### Domain verification
For education organizations, domain verification ensures you are on the academic verification list. As an admin, you might need to verify your domain using the Microsoft 365 admin center. For more information, see [Verify your Office 365 domain to prove ownership, nonprofit or education status](https://support.office.com/article/Verify-your-Office-365-domain-to-prove-ownership-nonprofit-or-education-status-or-to-activate-Yammer-87d1844e-aa47-4dc0-a61b-1b773fd4e590?ui=en-US&rs=en-US&ad=US).
@@ -105,12 +93,6 @@ For more information on payment options, see [payment options](/microsoft-store/
For more information on tax rates, see [tax information](/microsoft-store/update-windows-store-for-business-account-settings#organization-tax-information).
-### Get started with Minecraft: Education Edition
-Teachers and IT administrators can now get trials or subscriptions to Minecraft: Education Edition and add it to Microsoft Store for Business for distribution.
-- [Get started with Minecraft: Education Edition](./get-minecraft-for-education.md)
-- [For IT admins – Minecraft: Education Edition](./school-get-minecraft.md)
-- [For teachers – Minecraft: Education Edition](./teacher-get-minecraft.md)
-
## Manage apps and software
Applies to: IT admins and teachers
@@ -133,17 +115,8 @@ Teachers can:
## Distribute apps
-Manage and distribute apps to students and others in your organization. Different options are available for admins and teachers.
-
-Applies to: IT admins
-
**To manage and distribute apps**
-- For info on how to distribute **Minecraft: Education Edition**, see [For IT admins – Minecraft: Education Edition](./school-get-minecraft.md#distribute-minecraft)
-- For info on how to manage and distribute other apps, see [App inventory management - Microsoft Store for Business](/microsoft-store/app-inventory-management-windows-store-for-business)
-
-Applies to: Teachers
-
-For info on how to distribute **Minecraft: Education Edition**, see [For teachers – Minecraft: Education Edition](./teacher-get-minecraft.md#distribute-minecraft).
+- For info on how to manage and distribute apps, see [App inventory management - Microsoft Store for Business](/microsoft-store/app-inventory-management-windows-store-for-business)
**To assign an app to a student**
@@ -165,16 +138,9 @@ You can manage current app licenses, or purchase more licenses for apps in **App
You'll have a summary of current license availability.
-**Minecraft: Education Edition subscriptions**
-
-Similarly, you can purchase more subscriptions of **Minecraft: Education Edition** through Microsoft Store for Business. Find **Minecraft: Education Edition** in your inventory and use the previous steps for purchasing more app licenses.
-
## Manage order history
Applies to: IT admins and teachers
You can manage your orders through Microsoft Store for Business. For info on order history and how to refund an order, see [Manage app orders in Microsoft Store for Business](/microsoft-store/manage-orders-microsoft-store-for-business).
It can take up to 24 hours after a purchase, before a receipt is available on your **Order history page**.
-
-> [!NOTE]
-> For **Minecraft: Education Edition**, you can request a refund through Microsoft Store for Business for two months from the purchase date. After two months, refunds require a support call.
\ No newline at end of file
diff --git a/education/windows/enable-s-mode-on-surface-go-devices.md b/education/windows/enable-s-mode-on-surface-go-devices.md
index e056e38381..39f39952b6 100644
--- a/education/windows/enable-s-mode-on-surface-go-devices.md
+++ b/education/windows/enable-s-mode-on-surface-go-devices.md
@@ -1,18 +1,8 @@
---
title: Enable S mode on Surface Go devices for Education
-description: Steps that an education customer can perform to enable S mode on Surface Go devices
-keywords: Surface Go for Education, S mode
-ms.prod: windows
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+description: Learn how to enable S mode on Surface Go devices.
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
+ms.topic: how-to
appliesto:
- ✅ Windows 10
---
diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md
new file mode 100644
index 0000000000..0f769a31e1
--- /dev/null
+++ b/education/windows/federated-sign-in.md
@@ -0,0 +1,132 @@
+---
+title: Configure federated sign-in for Windows devices
+description: Description of federated sign-in feature for Windows 11 SE and how to configure it via Intune
+ms.date: 09/15/2022
+ms.prod: windows
+ms.technology: windows
+ms.topic: how-to
+ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer:
+manager: aaroncz
+ms.collection: education
+appliesto:
+- ✅ Windows 11 SE, version 22H2
+---
+
+
+# Configure federated sign-in for Windows 11 SE
+
+Starting in **Windows 11 SE, version 22H2**, you can enable your users to sign-in using a SAML 2.0 identity provider (IdP). This feature is called **federated sign-in**. Federated sign-in is a great way to simplify the sign-in process for your users: instead of having to remember a username and password defined in Azure AD, they can sign-in using their existing credentials from the IdP. For example, students and educators can use QR code badges to sign-in.
+
+## Benefits of federated sign-in
+
+Federated sign-in enables students to sign-in in less time, and with less friction.
+With fewer credentials to remember and a simplified sign-in process, students are more engaged and focused on learning.
+> [!IMPORTANT]
+> Currently, this feature is designed for 1:1 devices. For an optimal experience, you should not enable federated sign-in on shared devices.
+
+## Prerequisites
+
+To implement federated sign-in, the following prerequisites must be met:
+
+1. An Azure AD tenant, with one or multiple domains federated to a third-party SAML 2.0 IdP. For more information, see [Use a SAML 2.0 Identity Provider (IdP) for Single Sign On][AZ-1]
+ >[!NOTE]
+ >If your organization uses a third-party federation solution, you can configure single sign-on to Azure Active Directory if the solution is compatible with Azure Active Directory. For questions regarding compatibility, please contact your identity provider. If you're an IdP, and would like to validate your solution for interoperability, please refer to these [guidelines][MSFT-1].
+1. Individual IdP accounts created: each user will require an account defined in the third-party IdP platform
+1. Individual Azure AD accounts created: each user will require a matching account defined in Azure AD. These accounts are commonly created through automated solutions, for example:
+ - [School Data Sync (SDS)][SDS-1]
+ - [Azure AD Connect sync][AZ-3] for environment with on-premises AD DS
+ - PowerShell scripts that call the [Microsoft Graph API][GRAPH-1]
+ - provisioning tools offered by the IdP
+1. Licenses assigned to the Azure AD user accounts. It's recommended to assign licenses to a dynamic group: when new users are provisioned in Azure AD, the licenses are automatically assigned. For more information, see [Assign licenses to users by group membership in Azure Active Directory][AZ-2]
+1. Enable federated sign-in on the Windows devices that the users will be using
+ > [!IMPORTANT]
+ > This feature is exclusively available for Windows 11 SE, version 22H2.
+
+To use federated sign-in, the devices must have Internet access. This feature won't work without it, as the authentication is done over the Internet.
+
+## Enable federated sign-in on devices
+
+
+To sign-in with a SAML 2.0 identity provider, your devices must be configured with different policies, which can be configured using Microsoft Intune.
+
+To configure federated sign-in using Microsoft Intune, [create a custom profile][MEM-1] with the following settings:
+
+| Setting |
+|--------|
+|
Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**
|
+
+:::image type="content" source="images/federated-sign-in-settings-intune.png" alt-text="Custom policy showing the settings to be configured to enable federated sign-in" lightbox="images/federated-sign-in-settings-intune.png" border="true":::
+
+Assign the policy to a security group that contains as members the devices that require federated sign-in.
+
+
+
+## How to use federated sign-in
+
+Once the devices are configured, a new sign-in experience becomes available.
+
+As the end users enter their username, they'll be redirected to the identity provider sign-in page. Once users are authenticated by the IdP, they'll be signed-in. In the following animation, you can see how the first sign-in process works:
+
+:::image type="content" source="./images/win-11-se-federated-sign-in.gif" alt-text="Windows 11 SE sign-in using federated sign-in through Clever and QR code badge." border="false":::
+
+> [!IMPORTANT]
+> Once the policy is enabled, the first user to sign-in to the device will also set the disambiguation page to the identity provider domain on the device. This means that the device will be defaulting to that IdP. The user can exit the federated sign-in flow by pressing Ctrl+Alt+Delete to get back to the standard Windows sign-in screen.
+
+## Important considerations
+
+Federated sign-in doesn't work on devices that have the following settings enabled:
+
+- **EnableSharedPCMode**, which is part of the [SharedPC CSP][WIN-1]
+- **Interactive logon: do not display last signed in**, which is a security policy part of the [Policy CSP][WIN-2]
+- **Take a Test**, since it leverages the security policy above
+
+## Troubleshooting
+
+- The user can exit the federated sign-in flow by pressing Ctrl+Alt+Delete to get back to the standard Windows sign-in screen
+- Select the *Other User* button, and the standard username/password credentials are available to log into the device
+
+-----------
+
+[AZ-1]: /azure/active-directory/hybrid/how-to-connect-fed-saml-idp
+[AZ-2]: /azure/active-directory/enterprise-users/licensing-groups-assign
+[AZ-3]: /azure/active-directory/hybrid/how-to-connect-sync-whatis
+
+[GRAPH-1]: /graph/api/user-post-users?tabs=powershell
+
+[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
+
+[MSFT-1]: https://www.microsoft.com/download/details.aspx?id=56843
+
+[SDS-1]: /schooldatasync
+
+[WIN-1]: /windows/client-management/mdm/sharedpc-csp
+[WIN-2]: /windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin
\ No newline at end of file
diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md
index f03899ae3d..3bd2273634 100644
--- a/education/windows/get-minecraft-for-education.md
+++ b/education/windows/get-minecraft-for-education.md
@@ -1,21 +1,14 @@
---
title: Get Minecraft Education Edition
description: Learn how to get and distribute Minecraft Education Edition.
-keywords: school, Minecraft, education edition
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.localizationpriority: medium
-searchScope:
- - Store
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ Windows 10
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows 11 SE
+ms.collection:
+ - highpri
---
# Get Minecraft: Education Edition
@@ -24,23 +17,14 @@ appliesto:
-Teachers and IT administrators can now get early access to **Minecraft: Education Edition** and add it their Microsoft Store for Business for distribution.
-
-
+Teachers and IT administrators can now get access to **Minecraft: Education Edition** and add it their Microsoft Admin Center for distribution.
## Prerequisites
-- **Minecraft: Education Edition** requires Windows 10.
+- For a complete list of Operating Systems supported by **Minecraft: Education Edition**, see [here](https://educommunity.minecraft.net/hc/articles/360047556591-System-Requirements).
- Trials or subscriptions of **Minecraft: Education Edition** are offered to education tenants that are managed by Azure Active Directory (Azure AD).
- If your school doesn't have an Azure AD tenant, the [IT administrator can set one up](school-get-minecraft.md) as part of the process of getting **Minecraft: Education Edition**.
- Office 365 Education, which includes online versions of Office apps plus 1 TB online storage. [Sign up your school for Office 365 Education.](https://www.microsoft.com/education/products/office)
- If your school has an Office 365 Education subscription, it includes a free Azure AD subscription. [Register your free Azure AD subscription.](/windows/client-management/mdm/register-your-free-azure-active-directory-subscription)
-
-
-[Learn how teachers can get and distribute **Minecraft: Education Edition**](teacher-get-minecraft.md)
-
-
-
-
-[Learn how IT administrators can get and distribute **Minecraft: Education Edition**](school-get-minecraft.md), and how to manage permissions for Minecraft.
\ No newline at end of file
+[Learn how IT administrators can get and distribute **Minecraft: Education Edition**](school-get-minecraft.md), and how to manage permissions for Minecraft.
diff --git a/education/windows/images/1_howtosetup.png b/education/windows/images/1_howtosetup.png
deleted file mode 100644
index 7eb8222ed3..0000000000
Binary files a/education/windows/images/1_howtosetup.png and /dev/null differ
diff --git a/education/windows/images/2_signinwithms.png b/education/windows/images/2_signinwithms.png
deleted file mode 100644
index e4b5f27f12..0000000000
Binary files a/education/windows/images/2_signinwithms.png and /dev/null differ
diff --git a/education/windows/images/ICDstart-option.PNG b/education/windows/images/ICDstart-option.PNG
deleted file mode 100644
index 1ba49bb261..0000000000
Binary files a/education/windows/images/ICDstart-option.PNG and /dev/null differ
diff --git a/education/windows/images/PCicon.png b/education/windows/images/PCicon.png
deleted file mode 100644
index c97c137b83..0000000000
Binary files a/education/windows/images/PCicon.png and /dev/null differ
diff --git a/education/windows/images/TakeATestURL.png b/education/windows/images/TakeATestURL.png
deleted file mode 100644
index b057763e8b..0000000000
Binary files a/education/windows/images/TakeATestURL.png and /dev/null differ
diff --git a/education/windows/images/allowcortana_gp.PNG b/education/windows/images/allowcortana_gp.PNG
deleted file mode 100644
index 7adf1b7594..0000000000
Binary files a/education/windows/images/allowcortana_gp.PNG and /dev/null differ
diff --git a/education/windows/images/allowcortana_omauri.PNG b/education/windows/images/allowcortana_omauri.PNG
deleted file mode 100644
index 303c89ed5f..0000000000
Binary files a/education/windows/images/allowcortana_omauri.PNG and /dev/null differ
diff --git a/education/windows/images/allowcortana_wcd.PNG b/education/windows/images/allowcortana_wcd.PNG
deleted file mode 100644
index 5e62e0bb01..0000000000
Binary files a/education/windows/images/allowcortana_wcd.PNG and /dev/null differ
diff --git a/education/windows/images/app-distribution-options.PNG b/education/windows/images/app-distribution-options.PNG
deleted file mode 100644
index 75b3374720..0000000000
Binary files a/education/windows/images/app-distribution-options.PNG and /dev/null differ
diff --git a/education/windows/images/app-privacy-group-policy.png b/education/windows/images/app-privacy-group-policy.png
deleted file mode 100644
index 96a5f0380a..0000000000
Binary files a/education/windows/images/app-privacy-group-policy.png and /dev/null differ
diff --git a/education/windows/images/app1.jpg b/education/windows/images/app1.jpg
deleted file mode 100644
index aef6c5c22e..0000000000
Binary files a/education/windows/images/app1.jpg and /dev/null differ
diff --git a/education/windows/images/azuread_usersandgroups_allusers_automaticaccounts.png b/education/windows/images/azuread_usersandgroups_allusers_automaticaccounts.png
deleted file mode 100644
index f0549797a0..0000000000
Binary files a/education/windows/images/azuread_usersandgroups_allusers_automaticaccounts.png and /dev/null differ
diff --git a/education/windows/images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png b/education/windows/images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png
deleted file mode 100644
index 37ea63cda2..0000000000
Binary files a/education/windows/images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png and /dev/null differ
diff --git a/education/windows/images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png b/education/windows/images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png
deleted file mode 100644
index 1b8389b1f5..0000000000
Binary files a/education/windows/images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png and /dev/null differ
diff --git a/education/windows/images/azuread_usersandgroups_devicesettings_usersmayjoin.png b/education/windows/images/azuread_usersandgroups_devicesettings_usersmayjoin.png
deleted file mode 100644
index 40a603cf64..0000000000
Binary files a/education/windows/images/azuread_usersandgroups_devicesettings_usersmayjoin.png and /dev/null differ
diff --git a/education/windows/images/checkmark.png b/education/windows/images/checkmark.png
deleted file mode 100644
index f9f04cd6bd..0000000000
Binary files a/education/windows/images/checkmark.png and /dev/null differ
diff --git a/education/windows/images/choose-package-icd.png b/education/windows/images/choose-package-icd.png
deleted file mode 100644
index 2bf7a18648..0000000000
Binary files a/education/windows/images/choose-package-icd.png and /dev/null differ
diff --git a/education/windows/images/clipboard.png b/education/windows/images/clipboard.png
deleted file mode 100644
index bbfa2c9e8d..0000000000
Binary files a/education/windows/images/clipboard.png and /dev/null differ
diff --git a/education/windows/images/connect-aad.png b/education/windows/images/connect-aad.png
deleted file mode 100644
index 8583866165..0000000000
Binary files a/education/windows/images/connect-aad.png and /dev/null differ
diff --git a/education/windows/images/connect-ad.png b/education/windows/images/connect-ad.png
deleted file mode 100644
index 4da67e8cdd..0000000000
Binary files a/education/windows/images/connect-ad.png and /dev/null differ
diff --git a/education/windows/images/crossmark.png b/education/windows/images/crossmark.png
deleted file mode 100644
index 69432ff71c..0000000000
Binary files a/education/windows/images/crossmark.png and /dev/null differ
diff --git a/education/windows/images/education.png b/education/windows/images/education.png
deleted file mode 100644
index cc4f7fabb2..0000000000
Binary files a/education/windows/images/education.png and /dev/null differ
diff --git a/education/windows/images/enter-email.PNG b/education/windows/images/enter-email.PNG
deleted file mode 100644
index 644d893f06..0000000000
Binary files a/education/windows/images/enter-email.PNG and /dev/null differ
diff --git a/education/windows/images/express-settings.png b/education/windows/images/express-settings.png
deleted file mode 100644
index 99e9c4825a..0000000000
Binary files a/education/windows/images/express-settings.png and /dev/null differ
diff --git a/education/windows/images/federated-sign-in-settings-intune.png b/education/windows/images/federated-sign-in-settings-intune.png
new file mode 100644
index 0000000000..bdde7cf85a
Binary files /dev/null and b/education/windows/images/federated-sign-in-settings-intune.png differ
diff --git a/education/windows/images/get-app-store.png b/education/windows/images/get-app-store.png
deleted file mode 100644
index 14ae888425..0000000000
Binary files a/education/windows/images/get-app-store.png and /dev/null differ
diff --git a/education/windows/images/get-mcee-promo.png b/education/windows/images/get-mcee-promo.png
deleted file mode 100644
index 823631367d..0000000000
Binary files a/education/windows/images/get-mcee-promo.png and /dev/null differ
diff --git a/education/windows/images/get-the-app.PNG b/education/windows/images/get-the-app.PNG
deleted file mode 100644
index 0692ae6f7f..0000000000
Binary files a/education/windows/images/get-the-app.PNG and /dev/null differ
diff --git a/education/windows/images/gp_letwinappsaccesscontacts.PNG b/education/windows/images/gp_letwinappsaccesscontacts.PNG
deleted file mode 100644
index 0228c9474b..0000000000
Binary files a/education/windows/images/gp_letwinappsaccesscontacts.PNG and /dev/null differ
diff --git a/education/windows/images/i4e_takeatestprofile_accountsummary.PNG b/education/windows/images/i4e_takeatestprofile_accountsummary.PNG
deleted file mode 100644
index e8feb9b5d7..0000000000
Binary files a/education/windows/images/i4e_takeatestprofile_accountsummary.PNG and /dev/null differ
diff --git a/education/windows/images/i4e_takeatestprofile_addnewprofile.PNG b/education/windows/images/i4e_takeatestprofile_addnewprofile.PNG
deleted file mode 100644
index 401bccef4a..0000000000
Binary files a/education/windows/images/i4e_takeatestprofile_addnewprofile.PNG and /dev/null differ
diff --git a/education/windows/images/i4e_takeatestprofile_changegroup_selectgroup.PNG b/education/windows/images/i4e_takeatestprofile_changegroup_selectgroup.PNG
deleted file mode 100644
index 4c8f0705ce..0000000000
Binary files a/education/windows/images/i4e_takeatestprofile_changegroup_selectgroup.PNG and /dev/null differ
diff --git a/education/windows/images/i4e_takeatestprofile_groupassignment_selected.PNG b/education/windows/images/i4e_takeatestprofile_groupassignment_selected.PNG
deleted file mode 100644
index 8431e1d0cf..0000000000
Binary files a/education/windows/images/i4e_takeatestprofile_groupassignment_selected.PNG and /dev/null differ
diff --git a/education/windows/images/i4e_takeatestprofile_groups_changegroupassignments.PNG b/education/windows/images/i4e_takeatestprofile_groups_changegroupassignments.PNG
deleted file mode 100644
index 914f0b4edd..0000000000
Binary files a/education/windows/images/i4e_takeatestprofile_groups_changegroupassignments.PNG and /dev/null differ
diff --git a/education/windows/images/i4e_takeatestprofile_newtestaccount.PNG b/education/windows/images/i4e_takeatestprofile_newtestaccount.PNG
deleted file mode 100644
index 1ec2f0a2e2..0000000000
Binary files a/education/windows/images/i4e_takeatestprofile_newtestaccount.PNG and /dev/null differ
diff --git a/education/windows/images/i4e_trialsigninpage.PNG b/education/windows/images/i4e_trialsigninpage.PNG
deleted file mode 100644
index 5945ce3170..0000000000
Binary files a/education/windows/images/i4e_trialsigninpage.PNG and /dev/null differ
diff --git a/education/windows/images/icd-adv-shared-pc.PNG b/education/windows/images/icd-adv-shared-pc.PNG
deleted file mode 100644
index a8da5fa78a..0000000000
Binary files a/education/windows/images/icd-adv-shared-pc.PNG and /dev/null differ
diff --git a/education/windows/images/icd-school-adv-edit.png b/education/windows/images/icd-school-adv-edit.png
deleted file mode 100644
index 16843cc010..0000000000
Binary files a/education/windows/images/icd-school-adv-edit.png and /dev/null differ
diff --git a/education/windows/images/icd-school.PNG b/education/windows/images/icd-school.PNG
deleted file mode 100644
index e6a944a193..0000000000
Binary files a/education/windows/images/icd-school.PNG and /dev/null differ
diff --git a/education/windows/images/icd-simple.PNG b/education/windows/images/icd-simple.PNG
deleted file mode 100644
index 7ae8a1728b..0000000000
Binary files a/education/windows/images/icd-simple.PNG and /dev/null differ
diff --git a/education/windows/images/icdbrowse.png b/education/windows/images/icdbrowse.png
deleted file mode 100644
index 53c91074c7..0000000000
Binary files a/education/windows/images/icdbrowse.png and /dev/null differ
diff --git a/education/windows/images/icons/accessibility.svg b/education/windows/images/icons/accessibility.svg
new file mode 100644
index 0000000000..21a6b4f235
--- /dev/null
+++ b/education/windows/images/icons/accessibility.svg
@@ -0,0 +1,3 @@
+
\ No newline at end of file
diff --git a/education/windows/images/icons/group-policy.svg b/education/windows/images/icons/group-policy.svg
new file mode 100644
index 0000000000..ace95add6b
--- /dev/null
+++ b/education/windows/images/icons/group-policy.svg
@@ -0,0 +1,3 @@
+
\ No newline at end of file
diff --git a/education/windows/images/icons/intune.svg b/education/windows/images/icons/intune.svg
new file mode 100644
index 0000000000..6e0d938aed
--- /dev/null
+++ b/education/windows/images/icons/intune.svg
@@ -0,0 +1,24 @@
+
\ No newline at end of file
diff --git a/education/windows/images/icons/powershell.svg b/education/windows/images/icons/powershell.svg
new file mode 100644
index 0000000000..ab2d5152ca
--- /dev/null
+++ b/education/windows/images/icons/powershell.svg
@@ -0,0 +1,20 @@
+
\ No newline at end of file
diff --git a/education/windows/images/icons/provisioning-package.svg b/education/windows/images/icons/provisioning-package.svg
new file mode 100644
index 0000000000..dbbad7d780
--- /dev/null
+++ b/education/windows/images/icons/provisioning-package.svg
@@ -0,0 +1,3 @@
+
\ No newline at end of file
diff --git a/education/windows/images/icons/registry.svg b/education/windows/images/icons/registry.svg
new file mode 100644
index 0000000000..06ab4c09d7
--- /dev/null
+++ b/education/windows/images/icons/registry.svg
@@ -0,0 +1,22 @@
+
\ No newline at end of file
diff --git a/education/windows/images/icons/windows-os.svg b/education/windows/images/icons/windows-os.svg
new file mode 100644
index 0000000000..da64baf975
--- /dev/null
+++ b/education/windows/images/icons/windows-os.svg
@@ -0,0 +1,3 @@
+
\ No newline at end of file
diff --git a/education/windows/images/it-get-app.PNG b/education/windows/images/it-get-app.PNG
deleted file mode 100644
index 9740081ef4..0000000000
Binary files a/education/windows/images/it-get-app.PNG and /dev/null differ
diff --git a/education/windows/images/license-terms.png b/education/windows/images/license-terms.png
deleted file mode 100644
index 8dd34b0a18..0000000000
Binary files a/education/windows/images/license-terms.png and /dev/null differ
diff --git a/education/windows/images/lightbulb.png b/education/windows/images/lightbulb.png
deleted file mode 100644
index 95bea10957..0000000000
Binary files a/education/windows/images/lightbulb.png and /dev/null differ
diff --git a/education/windows/images/list.png b/education/windows/images/list.png
deleted file mode 100644
index 089827c373..0000000000
Binary files a/education/windows/images/list.png and /dev/null differ
diff --git a/education/windows/images/mc-assign-to-others-admin.png b/education/windows/images/mc-assign-to-others-admin.png
deleted file mode 100644
index 907f21d514..0000000000
Binary files a/education/windows/images/mc-assign-to-others-admin.png and /dev/null differ
diff --git a/education/windows/images/mc-assign-to-others-teacher.png b/education/windows/images/mc-assign-to-others-teacher.png
deleted file mode 100644
index 2656e9c784..0000000000
Binary files a/education/windows/images/mc-assign-to-others-teacher.png and /dev/null differ
diff --git a/education/windows/images/mc-check-for-updates.png b/education/windows/images/mc-check-for-updates.png
deleted file mode 100644
index a9a0fbae5f..0000000000
Binary files a/education/windows/images/mc-check-for-updates.png and /dev/null differ
diff --git a/education/windows/images/mc-dnld-others-admin.png b/education/windows/images/mc-dnld-others-admin.png
deleted file mode 100644
index 5e253c20d1..0000000000
Binary files a/education/windows/images/mc-dnld-others-admin.png and /dev/null differ
diff --git a/education/windows/images/mc-dnld-others-teacher.png b/education/windows/images/mc-dnld-others-teacher.png
deleted file mode 100644
index aa5df16595..0000000000
Binary files a/education/windows/images/mc-dnld-others-teacher.png and /dev/null differ
diff --git a/education/windows/images/mc-ee-video-icon.png b/education/windows/images/mc-ee-video-icon.png
deleted file mode 100644
index 61c8a0f681..0000000000
Binary files a/education/windows/images/mc-ee-video-icon.png and /dev/null differ
diff --git a/education/windows/images/mc-install-for-me-admin.png b/education/windows/images/mc-install-for-me-admin.png
deleted file mode 100644
index f9194a6188..0000000000
Binary files a/education/windows/images/mc-install-for-me-admin.png and /dev/null differ
diff --git a/education/windows/images/mc-install-for-me-teacher.png b/education/windows/images/mc-install-for-me-teacher.png
deleted file mode 100644
index e303e63660..0000000000
Binary files a/education/windows/images/mc-install-for-me-teacher.png and /dev/null differ
diff --git a/education/windows/images/microsoft-education-workflow.png b/education/windows/images/microsoft-education-workflow.png
deleted file mode 100644
index f15aa3f783..0000000000
Binary files a/education/windows/images/microsoft-education-workflow.png and /dev/null differ
diff --git a/education/windows/images/minecraft.PNG b/education/windows/images/minecraft.PNG
deleted file mode 100644
index c758c28ad5..0000000000
Binary files a/education/windows/images/minecraft.PNG and /dev/null differ
diff --git a/education/windows/images/mcee-add-payment-method.png b/education/windows/images/minecraft/mcee-add-payment-method.png
similarity index 100%
rename from education/windows/images/mcee-add-payment-method.png
rename to education/windows/images/minecraft/mcee-add-payment-method.png
diff --git a/education/windows/images/mcee-auto-assign-bd.png b/education/windows/images/minecraft/mcee-auto-assign-bd.png
similarity index 100%
rename from education/windows/images/mcee-auto-assign-bd.png
rename to education/windows/images/minecraft/mcee-auto-assign-bd.png
diff --git a/education/windows/images/mcee-auto-assign-legacy.png b/education/windows/images/minecraft/mcee-auto-assign-legacy.png
similarity index 100%
rename from education/windows/images/mcee-auto-assign-legacy.png
rename to education/windows/images/minecraft/mcee-auto-assign-legacy.png
diff --git a/education/windows/images/mcee-benefits.png b/education/windows/images/minecraft/mcee-benefits.png
similarity index 100%
rename from education/windows/images/mcee-benefits.png
rename to education/windows/images/minecraft/mcee-benefits.png
diff --git a/education/windows/images/mcee-icon.png b/education/windows/images/minecraft/mcee-icon.png
similarity index 100%
rename from education/windows/images/mcee-icon.png
rename to education/windows/images/minecraft/mcee-icon.png
diff --git a/education/windows/images/mcee-invoice-bills.PNG b/education/windows/images/minecraft/mcee-invoice-bills.PNG
similarity index 100%
rename from education/windows/images/mcee-invoice-bills.PNG
rename to education/windows/images/minecraft/mcee-invoice-bills.PNG
diff --git a/education/windows/images/mcee-invoice-info.png b/education/windows/images/minecraft/mcee-invoice-info.png
similarity index 100%
rename from education/windows/images/mcee-invoice-info.png
rename to education/windows/images/minecraft/mcee-invoice-info.png
diff --git a/education/windows/images/mcee-view-bills.png b/education/windows/images/minecraft/mcee-view-bills.png
similarity index 100%
rename from education/windows/images/mcee-view-bills.png
rename to education/windows/images/minecraft/mcee-view-bills.png
diff --git a/education/windows/images/minecraft-admin-permissions.png b/education/windows/images/minecraft/minecraft-admin-permissions.png
similarity index 100%
rename from education/windows/images/minecraft-admin-permissions.png
rename to education/windows/images/minecraft/minecraft-admin-permissions.png
diff --git a/education/windows/images/minecraft-assign-roles-2.png b/education/windows/images/minecraft/minecraft-assign-roles-2.png
similarity index 100%
rename from education/windows/images/minecraft-assign-roles-2.png
rename to education/windows/images/minecraft/minecraft-assign-roles-2.png
diff --git a/education/windows/images/minecraft-assign-roles.png b/education/windows/images/minecraft/minecraft-assign-roles.png
similarity index 100%
rename from education/windows/images/minecraft-assign-roles.png
rename to education/windows/images/minecraft/minecraft-assign-roles.png
diff --git a/education/windows/images/minecraft-assign-to-others.png b/education/windows/images/minecraft/minecraft-assign-to-others.png
similarity index 100%
rename from education/windows/images/minecraft-assign-to-others.png
rename to education/windows/images/minecraft/minecraft-assign-to-others.png
diff --git a/education/windows/images/minecraft-assign-to-people-name.png b/education/windows/images/minecraft/minecraft-assign-to-people-name.png
similarity index 100%
rename from education/windows/images/minecraft-assign-to-people-name.png
rename to education/windows/images/minecraft/minecraft-assign-to-people-name.png
diff --git a/education/windows/images/minecraft-assign-to-people.png b/education/windows/images/minecraft/minecraft-assign-to-people.png
similarity index 100%
rename from education/windows/images/minecraft-assign-to-people.png
rename to education/windows/images/minecraft/minecraft-assign-to-people.png
diff --git a/education/windows/images/minecraft-get-the-app.png b/education/windows/images/minecraft/minecraft-get-the-app.png
similarity index 100%
rename from education/windows/images/minecraft-get-the-app.png
rename to education/windows/images/minecraft/minecraft-get-the-app.png
diff --git a/education/windows/images/minecraft-in-windows-store-app.png b/education/windows/images/minecraft/minecraft-in-windows-store-app.png
similarity index 100%
rename from education/windows/images/minecraft-in-windows-store-app.png
rename to education/windows/images/minecraft/minecraft-in-windows-store-app.png
diff --git a/education/windows/images/minecraft-my-library.png b/education/windows/images/minecraft/minecraft-my-library.png
similarity index 100%
rename from education/windows/images/minecraft-my-library.png
rename to education/windows/images/minecraft/minecraft-my-library.png
diff --git a/education/windows/images/minecraft-perms.PNG b/education/windows/images/minecraft/minecraft-perms.PNG
similarity index 100%
rename from education/windows/images/minecraft-perms.PNG
rename to education/windows/images/minecraft/minecraft-perms.PNG
diff --git a/education/windows/images/minecraft-private-store.png b/education/windows/images/minecraft/minecraft-private-store.png
similarity index 100%
rename from education/windows/images/minecraft-private-store.png
rename to education/windows/images/minecraft/minecraft-private-store.png
diff --git a/education/windows/images/minecraft-student-install-email.png b/education/windows/images/minecraft/minecraft-student-install-email.png
similarity index 100%
rename from education/windows/images/minecraft-student-install-email.png
rename to education/windows/images/minecraft/minecraft-student-install-email.png
diff --git a/education/windows/images/msfe-device-promo-success.png b/education/windows/images/msfe-device-promo-success.png
deleted file mode 100644
index 590a488c11..0000000000
Binary files a/education/windows/images/msfe-device-promo-success.png and /dev/null differ
diff --git a/education/windows/images/msfe_clickemaillink_switchtoproedu.png b/education/windows/images/msfe_clickemaillink_switchtoproedu.png
deleted file mode 100644
index ca70e35a6a..0000000000
Binary files a/education/windows/images/msfe_clickemaillink_switchtoproedu.png and /dev/null differ
diff --git a/education/windows/images/msfe_manage.png b/education/windows/images/msfe_manage.png
deleted file mode 100644
index 0fd5802786..0000000000
Binary files a/education/windows/images/msfe_manage.png and /dev/null differ
diff --git a/education/windows/images/msfe_manage_benefits_switchtoproedu.png b/education/windows/images/msfe_manage_benefits_switchtoproedu.png
deleted file mode 100644
index 12ba470cc9..0000000000
Binary files a/education/windows/images/msfe_manage_benefits_switchtoproedu.png and /dev/null differ
diff --git a/education/windows/images/msfe_switchtoproedu_globaladminsemail_cancelswitch.png b/education/windows/images/msfe_switchtoproedu_globaladminsemail_cancelswitch.png
deleted file mode 100644
index 581a1c1e8c..0000000000
Binary files a/education/windows/images/msfe_switchtoproedu_globaladminsemail_cancelswitch.png and /dev/null differ
diff --git a/education/windows/images/oobe.jpg b/education/windows/images/oobe.jpg
deleted file mode 100644
index 53a5dab6bf..0000000000
Binary files a/education/windows/images/oobe.jpg and /dev/null differ
diff --git a/education/windows/images/package.png b/education/windows/images/package.png
deleted file mode 100644
index f5e975e3e9..0000000000
Binary files a/education/windows/images/package.png and /dev/null differ
diff --git a/education/windows/images/privacy-contacts-marked.png b/education/windows/images/privacy-contacts-marked.png
deleted file mode 100644
index 54a3116408..0000000000
Binary files a/education/windows/images/privacy-contacts-marked.png and /dev/null differ
diff --git a/education/windows/images/proof-of-purchase.png b/education/windows/images/proof-of-purchase.png
deleted file mode 100644
index dd78d6329d..0000000000
Binary files a/education/windows/images/proof-of-purchase.png and /dev/null differ
diff --git a/education/windows/images/prov.jpg b/education/windows/images/prov.jpg
deleted file mode 100644
index 1593ccb36b..0000000000
Binary files a/education/windows/images/prov.jpg and /dev/null differ
diff --git a/education/windows/images/school.PNG b/education/windows/images/school.PNG
deleted file mode 100644
index f8be255a05..0000000000
Binary files a/education/windows/images/school.PNG and /dev/null differ
diff --git a/education/windows/images/settings-contacts-app-marked.png b/education/windows/images/settings-contacts-app-marked.png
deleted file mode 100644
index 94523f1b36..0000000000
Binary files a/education/windows/images/settings-contacts-app-marked.png and /dev/null differ
diff --git a/education/windows/images/settings-privacy-marked.png b/education/windows/images/settings-privacy-marked.png
deleted file mode 100644
index 513e9b1afc..0000000000
Binary files a/education/windows/images/settings-privacy-marked.png and /dev/null differ
diff --git a/education/windows/images/setup-app-1-access.png b/education/windows/images/setup-app-1-access.png
deleted file mode 100644
index 1de1081d1d..0000000000
Binary files a/education/windows/images/setup-app-1-access.png and /dev/null differ
diff --git a/education/windows/images/setup-app-1-usb.png b/education/windows/images/setup-app-1-usb.png
deleted file mode 100644
index b2d170244f..0000000000
Binary files a/education/windows/images/setup-app-1-usb.png and /dev/null differ
diff --git a/education/windows/images/setup-app-1-wifi-manual.png b/education/windows/images/setup-app-1-wifi-manual.png
deleted file mode 100644
index 92de4f784c..0000000000
Binary files a/education/windows/images/setup-app-1-wifi-manual.png and /dev/null differ
diff --git a/education/windows/images/setup-app-1-wifi.png b/education/windows/images/setup-app-1-wifi.png
deleted file mode 100644
index 9f305e081c..0000000000
Binary files a/education/windows/images/setup-app-1-wifi.png and /dev/null differ
diff --git a/education/windows/images/setup-app-1.PNG b/education/windows/images/setup-app-1.PNG
deleted file mode 100644
index 1b88c5ac31..0000000000
Binary files a/education/windows/images/setup-app-1.PNG and /dev/null differ
diff --git a/education/windows/images/setup-app-2-directions.png b/education/windows/images/setup-app-2-directions.png
deleted file mode 100644
index f245aafb2b..0000000000
Binary files a/education/windows/images/setup-app-2-directions.png and /dev/null differ
diff --git a/education/windows/images/setup-app-3-directions.png b/education/windows/images/setup-app-3-directions.png
deleted file mode 100644
index f593ea7371..0000000000
Binary files a/education/windows/images/setup-app-3-directions.png and /dev/null differ
diff --git a/education/windows/images/setup-app-all-done.png b/education/windows/images/setup-app-all-done.png
deleted file mode 100644
index af7343f0e5..0000000000
Binary files a/education/windows/images/setup-app-all-done.png and /dev/null differ
diff --git a/education/windows/images/setup-options.png b/education/windows/images/setup-options.png
deleted file mode 100644
index 07d29576a0..0000000000
Binary files a/education/windows/images/setup-options.png and /dev/null differ
diff --git a/education/windows/images/setupmsg.jpg b/education/windows/images/setupmsg.jpg
deleted file mode 100644
index 12935483c5..0000000000
Binary files a/education/windows/images/setupmsg.jpg and /dev/null differ
diff --git a/education/windows/images/sfe-allow-shop-setting.png b/education/windows/images/sfe-allow-shop-setting.png
deleted file mode 100644
index 52320751ac..0000000000
Binary files a/education/windows/images/sfe-allow-shop-setting.png and /dev/null differ
diff --git a/education/windows/images/sfe-make-everyone-bp.png b/education/windows/images/sfe-make-everyone-bp.png
deleted file mode 100644
index fd2e263417..0000000000
Binary files a/education/windows/images/sfe-make-everyone-bp.png and /dev/null differ
diff --git a/education/windows/images/sfe-roles.png b/education/windows/images/sfe-roles.png
deleted file mode 100644
index 63a9290371..0000000000
Binary files a/education/windows/images/sfe-roles.png and /dev/null differ
diff --git a/education/windows/images/sign-in-prov.png b/education/windows/images/sign-in-prov.png
deleted file mode 100644
index 55c9276203..0000000000
Binary files a/education/windows/images/sign-in-prov.png and /dev/null differ
diff --git a/education/windows/images/signin.jpg b/education/windows/images/signin.jpg
deleted file mode 100644
index ad31bb31c4..0000000000
Binary files a/education/windows/images/signin.jpg and /dev/null differ
diff --git a/education/windows/images/skype-manage-profile-pic.png b/education/windows/images/skype-manage-profile-pic.png
deleted file mode 100644
index 4133ac9c60..0000000000
Binary files a/education/windows/images/skype-manage-profile-pic.png and /dev/null differ
diff --git a/education/windows/images/skype-profile-icon.png b/education/windows/images/skype-profile-icon.png
deleted file mode 100644
index 7ccaaea693..0000000000
Binary files a/education/windows/images/skype-profile-icon.png and /dev/null differ
diff --git a/education/windows/images/skype_uwp_manageprofilepic.PNG b/education/windows/images/skype_uwp_manageprofilepic.PNG
deleted file mode 100644
index bdcf23dbc2..0000000000
Binary files a/education/windows/images/skype_uwp_manageprofilepic.PNG and /dev/null differ
diff --git a/education/windows/images/skype_uwp_userprofile_icon.PNG b/education/windows/images/skype_uwp_userprofile_icon.PNG
deleted file mode 100644
index ad36c7f886..0000000000
Binary files a/education/windows/images/skype_uwp_userprofile_icon.PNG and /dev/null differ
diff --git a/education/windows/images/suspc_choosesettings_setuptakeatest.PNG b/education/windows/images/suspc_choosesettings_setuptakeatest.PNG
deleted file mode 100644
index 8ffc3fe3e6..0000000000
Binary files a/education/windows/images/suspc_choosesettings_setuptakeatest.PNG and /dev/null differ
diff --git a/education/windows/images/suspc_choosesettings_takeatest.PNG b/education/windows/images/suspc_choosesettings_takeatest.PNG
deleted file mode 100644
index 9f9f028852..0000000000
Binary files a/education/windows/images/suspc_choosesettings_takeatest.PNG and /dev/null differ
diff --git a/education/windows/images/suspc_choosesettings_takeatest_updated.png b/education/windows/images/suspc_choosesettings_takeatest_updated.png
deleted file mode 100644
index e44dd21207..0000000000
Binary files a/education/windows/images/suspc_choosesettings_takeatest_updated.png and /dev/null differ
diff --git a/education/windows/images/suspc_createpackage_takeatest.png b/education/windows/images/suspc_createpackage_takeatest.png
deleted file mode 100644
index 0be05a727d..0000000000
Binary files a/education/windows/images/suspc_createpackage_takeatest.png and /dev/null differ
diff --git a/education/windows/images/suspc_createpackage_takeatestpage.PNG b/education/windows/images/suspc_createpackage_takeatestpage.PNG
deleted file mode 100644
index df8c2cc5b5..0000000000
Binary files a/education/windows/images/suspc_createpackage_takeatestpage.PNG and /dev/null differ
diff --git a/education/windows/images/suspc_createpackage_takeatestpage_073117.PNG b/education/windows/images/suspc_createpackage_takeatestpage_073117.PNG
deleted file mode 100644
index 4a4ec886a5..0000000000
Binary files a/education/windows/images/suspc_createpackage_takeatestpage_073117.PNG and /dev/null differ
diff --git a/education/windows/images/1810_Name_Your_Package_SUSPC.png b/education/windows/images/suspcs/1810_Name_Your_Package_SUSPC.png
similarity index 100%
rename from education/windows/images/1810_Name_Your_Package_SUSPC.png
rename to education/windows/images/suspcs/1810_Name_Your_Package_SUSPC.png
diff --git a/education/windows/images/1810_SUSPC_Insert_USB.png b/education/windows/images/suspcs/1810_SUSPC_Insert_USB.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_Insert_USB.png
rename to education/windows/images/suspcs/1810_SUSPC_Insert_USB.png
diff --git a/education/windows/images/1810_SUSPC_Package_ready.png b/education/windows/images/suspcs/1810_SUSPC_Package_ready.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_Package_ready.png
rename to education/windows/images/suspcs/1810_SUSPC_Package_ready.png
diff --git a/education/windows/images/1810_SUSPC_Product_key.png b/education/windows/images/suspcs/1810_SUSPC_Product_key.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_Product_key.png
rename to education/windows/images/suspcs/1810_SUSPC_Product_key.png
diff --git a/education/windows/images/1810_SUSPC_Take_Test.png b/education/windows/images/suspcs/1810_SUSPC_Take_Test.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_Take_Test.png
rename to education/windows/images/suspcs/1810_SUSPC_Take_Test.png
diff --git a/education/windows/images/1810_SUSPC_USB.png b/education/windows/images/suspcs/1810_SUSPC_USB.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_USB.png
rename to education/windows/images/suspcs/1810_SUSPC_USB.png
diff --git a/education/windows/images/1810_SUSPC_add_apps.png b/education/windows/images/suspcs/1810_SUSPC_add_apps.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_add_apps.png
rename to education/windows/images/suspcs/1810_SUSPC_add_apps.png
diff --git a/education/windows/images/1810_SUSPC_app_error.png b/education/windows/images/suspcs/1810_SUSPC_app_error.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_app_error.png
rename to education/windows/images/suspcs/1810_SUSPC_app_error.png
diff --git a/education/windows/images/1810_SUSPC_available_settings.png b/education/windows/images/suspcs/1810_SUSPC_available_settings.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_available_settings.png
rename to education/windows/images/suspcs/1810_SUSPC_available_settings.png
diff --git a/education/windows/images/1810_SUSPC_personalization.png b/education/windows/images/suspcs/1810_SUSPC_personalization.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_personalization.png
rename to education/windows/images/suspcs/1810_SUSPC_personalization.png
diff --git a/education/windows/images/1810_SUSPC_select_Wifi.png b/education/windows/images/suspcs/1810_SUSPC_select_Wifi.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_select_Wifi.png
rename to education/windows/images/suspcs/1810_SUSPC_select_Wifi.png
diff --git a/education/windows/images/1810_SUSPC_summary.png b/education/windows/images/suspcs/1810_SUSPC_summary.png
similarity index 100%
rename from education/windows/images/1810_SUSPC_summary.png
rename to education/windows/images/suspcs/1810_SUSPC_summary.png
diff --git a/education/windows/images/1810_Sign_In_SUSPC.png b/education/windows/images/suspcs/1810_Sign_In_SUSPC.png
similarity index 100%
rename from education/windows/images/1810_Sign_In_SUSPC.png
rename to education/windows/images/suspcs/1810_Sign_In_SUSPC.png
diff --git a/education/windows/images/1810_choose_account_SUSPC.png b/education/windows/images/suspcs/1810_choose_account_SUSPC.png
similarity index 100%
rename from education/windows/images/1810_choose_account_SUSPC.png
rename to education/windows/images/suspcs/1810_choose_account_SUSPC.png
diff --git a/education/windows/images/1810_name-devices_SUSPC.png b/education/windows/images/suspcs/1810_name-devices_SUSPC.png
similarity index 100%
rename from education/windows/images/1810_name-devices_SUSPC.png
rename to education/windows/images/suspcs/1810_name-devices_SUSPC.png
diff --git a/education/windows/images/1810_suspc_settings.png b/education/windows/images/suspcs/1810_suspc_settings.png
similarity index 100%
rename from education/windows/images/1810_suspc_settings.png
rename to education/windows/images/suspcs/1810_suspc_settings.png
diff --git a/education/windows/images/1810_suspc_timezone.png b/education/windows/images/suspcs/1810_suspc_timezone.png
similarity index 100%
rename from education/windows/images/1810_suspc_timezone.png
rename to education/windows/images/suspcs/1810_suspc_timezone.png
diff --git a/education/windows/images/1812_Add_Apps_SUSPC.png b/education/windows/images/suspcs/1812_Add_Apps_SUSPC.png
similarity index 100%
rename from education/windows/images/1812_Add_Apps_SUSPC.png
rename to education/windows/images/suspcs/1812_Add_Apps_SUSPC.png
diff --git a/education/windows/images/suspc-add-recommended-apps-1807.png b/education/windows/images/suspcs/suspc-add-recommended-apps-1807.png
similarity index 100%
rename from education/windows/images/suspc-add-recommended-apps-1807.png
rename to education/windows/images/suspcs/suspc-add-recommended-apps-1807.png
diff --git a/education/windows/images/suspc-admin-token-delete-1807.png b/education/windows/images/suspcs/suspc-admin-token-delete-1807.png
similarity index 100%
rename from education/windows/images/suspc-admin-token-delete-1807.png
rename to education/windows/images/suspcs/suspc-admin-token-delete-1807.png
diff --git a/education/windows/images/suspc-assessment-url-1807.png b/education/windows/images/suspcs/suspc-assessment-url-1807.png
similarity index 100%
rename from education/windows/images/suspc-assessment-url-1807.png
rename to education/windows/images/suspcs/suspc-assessment-url-1807.png
diff --git a/education/windows/images/suspc-available-student-settings-1807.png b/education/windows/images/suspcs/suspc-available-student-settings-1807.png
similarity index 100%
rename from education/windows/images/suspc-available-student-settings-1807.png
rename to education/windows/images/suspcs/suspc-available-student-settings-1807.png
diff --git a/education/windows/images/suspc-configure-student-settings-1807.png b/education/windows/images/suspcs/suspc-configure-student-settings-1807.png
similarity index 100%
rename from education/windows/images/suspc-configure-student-settings-1807.png
rename to education/windows/images/suspcs/suspc-configure-student-settings-1807.png
diff --git a/education/windows/images/suspc-createpackage-signin-1807.png b/education/windows/images/suspcs/suspc-createpackage-signin-1807.png
similarity index 100%
rename from education/windows/images/suspc-createpackage-signin-1807.png
rename to education/windows/images/suspcs/suspc-createpackage-signin-1807.png
diff --git a/education/windows/images/suspc-createpackage-summary-1807.png b/education/windows/images/suspcs/suspc-createpackage-summary-1807.png
similarity index 100%
rename from education/windows/images/suspc-createpackage-summary-1807.png
rename to education/windows/images/suspcs/suspc-createpackage-summary-1807.png
diff --git a/education/windows/images/suspc-current-os-version-1807.png b/education/windows/images/suspcs/suspc-current-os-version-1807.png
similarity index 100%
rename from education/windows/images/suspc-current-os-version-1807.png
rename to education/windows/images/suspcs/suspc-current-os-version-1807.png
diff --git a/education/windows/images/suspc-current-os-version-next-1807.png b/education/windows/images/suspcs/suspc-current-os-version-next-1807.png
similarity index 100%
rename from education/windows/images/suspc-current-os-version-next-1807.png
rename to education/windows/images/suspcs/suspc-current-os-version-next-1807.png
diff --git a/education/windows/images/suspc-device-names-1807.png b/education/windows/images/suspcs/suspc-device-names-1807.png
similarity index 100%
rename from education/windows/images/suspc-device-names-1807.png
rename to education/windows/images/suspcs/suspc-device-names-1807.png
diff --git a/education/windows/images/suspc-enable-shared-pc-1807.png b/education/windows/images/suspcs/suspc-enable-shared-pc-1807.png
similarity index 100%
rename from education/windows/images/suspc-enable-shared-pc-1807.png
rename to education/windows/images/suspcs/suspc-enable-shared-pc-1807.png
diff --git a/education/windows/images/suspc-savepackage-insertusb-1807.png b/education/windows/images/suspcs/suspc-savepackage-insertusb-1807.png
similarity index 100%
rename from education/windows/images/suspc-savepackage-insertusb-1807.png
rename to education/windows/images/suspcs/suspc-savepackage-insertusb-1807.png
diff --git a/education/windows/images/suspc-savepackage-ppkgisready-1807.png b/education/windows/images/suspcs/suspc-savepackage-ppkgisready-1807.png
similarity index 100%
rename from education/windows/images/suspc-savepackage-ppkgisready-1807.png
rename to education/windows/images/suspcs/suspc-savepackage-ppkgisready-1807.png
diff --git a/education/windows/images/suspc-select-wifi-1807.png b/education/windows/images/suspcs/suspc-select-wifi-1807.png
similarity index 100%
rename from education/windows/images/suspc-select-wifi-1807.png
rename to education/windows/images/suspcs/suspc-select-wifi-1807.png
diff --git a/education/windows/images/suspc-select-wifi-network-1807.png b/education/windows/images/suspcs/suspc-select-wifi-network-1807.png
similarity index 100%
rename from education/windows/images/suspc-select-wifi-network-1807.png
rename to education/windows/images/suspcs/suspc-select-wifi-network-1807.png
diff --git a/education/windows/images/suspc-sign-in-select-1807.png b/education/windows/images/suspcs/suspc-sign-in-select-1807.png
similarity index 100%
rename from education/windows/images/suspc-sign-in-select-1807.png
rename to education/windows/images/suspcs/suspc-sign-in-select-1807.png
diff --git a/education/windows/images/suspc-take-a-test-1807.png b/education/windows/images/suspcs/suspc-take-a-test-1807.png
similarity index 100%
rename from education/windows/images/suspc-take-a-test-1807.png
rename to education/windows/images/suspcs/suspc-take-a-test-1807.png
diff --git a/education/windows/images/suspc-take-a-test-app-1807.png b/education/windows/images/suspcs/suspc-take-a-test-app-1807.png
similarity index 100%
rename from education/windows/images/suspc-take-a-test-app-1807.png
rename to education/windows/images/suspcs/suspc-take-a-test-app-1807.png
diff --git a/education/windows/images/suspc-time-zone-1807.png b/education/windows/images/suspcs/suspc-time-zone-1807.png
similarity index 100%
rename from education/windows/images/suspc-time-zone-1807.png
rename to education/windows/images/suspcs/suspc-time-zone-1807.png
diff --git a/education/windows/images/suspc-wifi-network-1807.png b/education/windows/images/suspcs/suspc-wifi-network-1807.png
similarity index 100%
rename from education/windows/images/suspc-wifi-network-1807.png
rename to education/windows/images/suspcs/suspc-wifi-network-1807.png
diff --git a/education/windows/images/suspc_account_signin.PNG b/education/windows/images/suspcs/suspc_account_signin.PNG
similarity index 100%
rename from education/windows/images/suspc_account_signin.PNG
rename to education/windows/images/suspcs/suspc_account_signin.PNG
diff --git a/education/windows/images/suspc_and_wcd_comparison.png b/education/windows/images/suspcs/suspc_and_wcd_comparison.png
similarity index 100%
rename from education/windows/images/suspc_and_wcd_comparison.png
rename to education/windows/images/suspcs/suspc_and_wcd_comparison.png
diff --git a/education/windows/images/suspc_choosesettings_apps.PNG b/education/windows/images/suspcs/suspc_choosesettings_apps.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_apps.PNG
rename to education/windows/images/suspcs/suspc_choosesettings_apps.PNG
diff --git a/education/windows/images/suspc_choosesettings_settings.PNG b/education/windows/images/suspcs/suspc_choosesettings_settings.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_settings.PNG
rename to education/windows/images/suspcs/suspc_choosesettings_settings.PNG
diff --git a/education/windows/images/suspc_choosesettings_settings_updated.PNG b/education/windows/images/suspcs/suspc_choosesettings_settings_updated.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_settings_updated.PNG
rename to education/windows/images/suspcs/suspc_choosesettings_settings_updated.PNG
diff --git a/education/windows/images/suspc_choosesettings_signin.PNG b/education/windows/images/suspcs/suspc_choosesettings_signin.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_signin.PNG
rename to education/windows/images/suspcs/suspc_choosesettings_signin.PNG
diff --git a/education/windows/images/suspc_choosesettings_signin_final.PNG b/education/windows/images/suspcs/suspc_choosesettings_signin_final.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_signin_final.PNG
rename to education/windows/images/suspcs/suspc_choosesettings_signin_final.PNG
diff --git a/education/windows/images/suspc_choosesettings_summary.PNG b/education/windows/images/suspcs/suspc_choosesettings_summary.PNG
similarity index 100%
rename from education/windows/images/suspc_choosesettings_summary.PNG
rename to education/windows/images/suspcs/suspc_choosesettings_summary.PNG
diff --git a/education/windows/images/suspc_configure_pc2.jpg b/education/windows/images/suspcs/suspc_configure_pc2.jpg
similarity index 100%
rename from education/windows/images/suspc_configure_pc2.jpg
rename to education/windows/images/suspcs/suspc_configure_pc2.jpg
diff --git a/education/windows/images/suspc_createpackage_configurestudentpcsettings.png b/education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings.png
similarity index 100%
rename from education/windows/images/suspc_createpackage_configurestudentpcsettings.png
rename to education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings.png
diff --git a/education/windows/images/suspc_createpackage_configurestudentpcsettings_121117.PNG b/education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings_121117.PNG
similarity index 100%
rename from education/windows/images/suspc_createpackage_configurestudentpcsettings_121117.PNG
rename to education/windows/images/suspcs/suspc_createpackage_configurestudentpcsettings_121117.PNG
diff --git a/education/windows/images/suspc_createpackage_recommendedapps.png b/education/windows/images/suspcs/suspc_createpackage_recommendedapps.png
similarity index 100%
rename from education/windows/images/suspc_createpackage_recommendedapps.png
rename to education/windows/images/suspcs/suspc_createpackage_recommendedapps.png
diff --git a/education/windows/images/suspc_createpackage_recommendedapps_073117.PNG b/education/windows/images/suspcs/suspc_createpackage_recommendedapps_073117.PNG
similarity index 100%
rename from education/windows/images/suspc_createpackage_recommendedapps_073117.PNG
rename to education/windows/images/suspcs/suspc_createpackage_recommendedapps_073117.PNG
diff --git a/education/windows/images/suspc_createpackage_recommendedapps_office061217.png b/education/windows/images/suspcs/suspc_createpackage_recommendedapps_office061217.png
similarity index 100%
rename from education/windows/images/suspc_createpackage_recommendedapps_office061217.png
rename to education/windows/images/suspcs/suspc_createpackage_recommendedapps_office061217.png
diff --git a/education/windows/images/suspc_createpackage_settingspage.PNG b/education/windows/images/suspcs/suspc_createpackage_settingspage.PNG
similarity index 100%
rename from education/windows/images/suspc_createpackage_settingspage.PNG
rename to education/windows/images/suspcs/suspc_createpackage_settingspage.PNG
diff --git a/education/windows/images/suspc_createpackage_signin.png b/education/windows/images/suspcs/suspc_createpackage_signin.png
similarity index 100%
rename from education/windows/images/suspc_createpackage_signin.png
rename to education/windows/images/suspcs/suspc_createpackage_signin.png
diff --git a/education/windows/images/suspc_createpackage_skipwifi_modaldialog.png b/education/windows/images/suspcs/suspc_createpackage_skipwifi_modaldialog.png
similarity index 100%
rename from education/windows/images/suspc_createpackage_skipwifi_modaldialog.png
rename to education/windows/images/suspcs/suspc_createpackage_skipwifi_modaldialog.png
diff --git a/education/windows/images/suspc_createpackage_summary.PNG b/education/windows/images/suspcs/suspc_createpackage_summary.PNG
similarity index 100%
rename from education/windows/images/suspc_createpackage_summary.PNG
rename to education/windows/images/suspcs/suspc_createpackage_summary.PNG
diff --git a/education/windows/images/suspc_createpackage_summary_073117.PNG b/education/windows/images/suspcs/suspc_createpackage_summary_073117.PNG
similarity index 100%
rename from education/windows/images/suspc_createpackage_summary_073117.PNG
rename to education/windows/images/suspcs/suspc_createpackage_summary_073117.PNG
diff --git a/education/windows/images/suspc_getpcsready.PNG b/education/windows/images/suspcs/suspc_getpcsready.PNG
similarity index 100%
rename from education/windows/images/suspc_getpcsready.PNG
rename to education/windows/images/suspcs/suspc_getpcsready.PNG
diff --git a/education/windows/images/suspc_getpcsready_getpcsready.PNG b/education/windows/images/suspcs/suspc_getpcsready_getpcsready.PNG
similarity index 100%
rename from education/windows/images/suspc_getpcsready_getpcsready.PNG
rename to education/windows/images/suspcs/suspc_getpcsready_getpcsready.PNG
diff --git a/education/windows/images/suspc_getpcsready_installpackage.PNG b/education/windows/images/suspcs/suspc_getpcsready_installpackage.PNG
similarity index 100%
rename from education/windows/images/suspc_getpcsready_installpackage.PNG
rename to education/windows/images/suspcs/suspc_getpcsready_installpackage.PNG
diff --git a/education/windows/images/suspc_getstarted.PNG b/education/windows/images/suspcs/suspc_getstarted.PNG
similarity index 100%
rename from education/windows/images/suspc_getstarted.PNG
rename to education/windows/images/suspcs/suspc_getstarted.PNG
diff --git a/education/windows/images/suspc_getstarted_050817.PNG b/education/windows/images/suspcs/suspc_getstarted_050817.PNG
similarity index 100%
rename from education/windows/images/suspc_getstarted_050817.PNG
rename to education/windows/images/suspcs/suspc_getstarted_050817.PNG
diff --git a/education/windows/images/suspc_getstarted_final.PNG b/education/windows/images/suspcs/suspc_getstarted_final.PNG
similarity index 100%
rename from education/windows/images/suspc_getstarted_final.PNG
rename to education/windows/images/suspcs/suspc_getstarted_final.PNG
diff --git a/education/windows/images/suspc_getstarted_resized.png b/education/windows/images/suspcs/suspc_getstarted_resized.png
similarity index 100%
rename from education/windows/images/suspc_getstarted_resized.png
rename to education/windows/images/suspcs/suspc_getstarted_resized.png
diff --git a/education/windows/images/suspc_installsetupfile.PNG b/education/windows/images/suspcs/suspc_installsetupfile.PNG
similarity index 100%
rename from education/windows/images/suspc_installsetupfile.PNG
rename to education/windows/images/suspcs/suspc_installsetupfile.PNG
diff --git a/education/windows/images/suspc_ppkg_isready.PNG b/education/windows/images/suspcs/suspc_ppkg_isready.PNG
similarity index 100%
rename from education/windows/images/suspc_ppkg_isready.PNG
rename to education/windows/images/suspcs/suspc_ppkg_isready.PNG
diff --git a/education/windows/images/suspc_ppkgisready_050817.PNG b/education/windows/images/suspcs/suspc_ppkgisready_050817.PNG
similarity index 100%
rename from education/windows/images/suspc_ppkgisready_050817.PNG
rename to education/windows/images/suspcs/suspc_ppkgisready_050817.PNG
diff --git a/education/windows/images/suspc_ppkgready.PNG b/education/windows/images/suspcs/suspc_ppkgready.PNG
similarity index 100%
rename from education/windows/images/suspc_ppkgready.PNG
rename to education/windows/images/suspcs/suspc_ppkgready.PNG
diff --git a/education/windows/images/suspc_reviewsettings.PNG b/education/windows/images/suspcs/suspc_reviewsettings.PNG
similarity index 100%
rename from education/windows/images/suspc_reviewsettings.PNG
rename to education/windows/images/suspcs/suspc_reviewsettings.PNG
diff --git a/education/windows/images/suspc_reviewsettings_bluelinks.png b/education/windows/images/suspcs/suspc_reviewsettings_bluelinks.png
similarity index 100%
rename from education/windows/images/suspc_reviewsettings_bluelinks.png
rename to education/windows/images/suspcs/suspc_reviewsettings_bluelinks.png
diff --git a/education/windows/images/suspc_runpackage_getpcsready.PNG b/education/windows/images/suspcs/suspc_runpackage_getpcsready.PNG
similarity index 100%
rename from education/windows/images/suspc_runpackage_getpcsready.PNG
rename to education/windows/images/suspcs/suspc_runpackage_getpcsready.PNG
diff --git a/education/windows/images/suspc_runpackage_installpackage.PNG b/education/windows/images/suspcs/suspc_runpackage_installpackage.PNG
similarity index 100%
rename from education/windows/images/suspc_runpackage_installpackage.PNG
rename to education/windows/images/suspcs/suspc_runpackage_installpackage.PNG
diff --git a/education/windows/images/suspc_savepackage_insertusb.PNG b/education/windows/images/suspcs/suspc_savepackage_insertusb.PNG
similarity index 100%
rename from education/windows/images/suspc_savepackage_insertusb.PNG
rename to education/windows/images/suspcs/suspc_savepackage_insertusb.PNG
diff --git a/education/windows/images/suspc_savepackage_insertusb_050817.PNG b/education/windows/images/suspcs/suspc_savepackage_insertusb_050817.PNG
similarity index 100%
rename from education/windows/images/suspc_savepackage_insertusb_050817.PNG
rename to education/windows/images/suspcs/suspc_savepackage_insertusb_050817.PNG
diff --git a/education/windows/images/suspc_savepackage_ppkgisready.png b/education/windows/images/suspcs/suspc_savepackage_ppkgisready.png
similarity index 100%
rename from education/windows/images/suspc_savepackage_ppkgisready.png
rename to education/windows/images/suspcs/suspc_savepackage_ppkgisready.png
diff --git a/education/windows/images/suspc_savesettings.PNG b/education/windows/images/suspcs/suspc_savesettings.PNG
similarity index 100%
rename from education/windows/images/suspc_savesettings.PNG
rename to education/windows/images/suspcs/suspc_savesettings.PNG
diff --git a/education/windows/images/suspc_setup_removemediamessage.png b/education/windows/images/suspcs/suspc_setup_removemediamessage.png
similarity index 100%
rename from education/windows/images/suspc_setup_removemediamessage.png
rename to education/windows/images/suspcs/suspc_setup_removemediamessage.png
diff --git a/education/windows/images/suspc_setupfile_reviewsettings.PNG b/education/windows/images/suspcs/suspc_setupfile_reviewsettings.PNG
similarity index 100%
rename from education/windows/images/suspc_setupfile_reviewsettings.PNG
rename to education/windows/images/suspcs/suspc_setupfile_reviewsettings.PNG
diff --git a/education/windows/images/suspc_setupfile_savesettings.PNG b/education/windows/images/suspcs/suspc_setupfile_savesettings.PNG
similarity index 100%
rename from education/windows/images/suspc_setupfile_savesettings.PNG
rename to education/windows/images/suspcs/suspc_setupfile_savesettings.PNG
diff --git a/education/windows/images/suspc_setupfileready.PNG b/education/windows/images/suspcs/suspc_setupfileready.PNG
similarity index 100%
rename from education/windows/images/suspc_setupfileready.PNG
rename to education/windows/images/suspcs/suspc_setupfileready.PNG
diff --git a/education/windows/images/suspc_signin_account.PNG b/education/windows/images/suspcs/suspc_signin_account.PNG
similarity index 100%
rename from education/windows/images/suspc_signin_account.PNG
rename to education/windows/images/suspcs/suspc_signin_account.PNG
diff --git a/education/windows/images/suspc_signin_addapps.PNG b/education/windows/images/suspcs/suspc_signin_addapps.PNG
similarity index 100%
rename from education/windows/images/suspc_signin_addapps.PNG
rename to education/windows/images/suspcs/suspc_signin_addapps.PNG
diff --git a/education/windows/images/suspc_signin_allowguests.PNG b/education/windows/images/suspcs/suspc_signin_allowguests.PNG
similarity index 100%
rename from education/windows/images/suspc_signin_allowguests.PNG
rename to education/windows/images/suspcs/suspc_signin_allowguests.PNG
diff --git a/education/windows/images/suspc_signin_setuptakeatest.PNG b/education/windows/images/suspcs/suspc_signin_setuptakeatest.PNG
similarity index 100%
rename from education/windows/images/suspc_signin_setuptakeatest.PNG
rename to education/windows/images/suspcs/suspc_signin_setuptakeatest.PNG
diff --git a/education/windows/images/suspc_start.PNG b/education/windows/images/suspcs/suspc_start.PNG
similarity index 100%
rename from education/windows/images/suspc_start.PNG
rename to education/windows/images/suspcs/suspc_start.PNG
diff --git a/education/windows/images/suspc_studentpcsetup_installingsetupfile.png b/education/windows/images/suspcs/suspc_studentpcsetup_installingsetupfile.png
similarity index 100%
rename from education/windows/images/suspc_studentpcsetup_installingsetupfile.png
rename to education/windows/images/suspcs/suspc_studentpcsetup_installingsetupfile.png
diff --git a/education/windows/images/suspc_wcd_featureslist.png b/education/windows/images/suspcs/suspc_wcd_featureslist.png
similarity index 100%
rename from education/windows/images/suspc_wcd_featureslist.png
rename to education/windows/images/suspcs/suspc_wcd_featureslist.png
diff --git a/education/windows/images/suspc_wcd_sidebyside.png b/education/windows/images/suspcs/suspc_wcd_sidebyside.png
similarity index 100%
rename from education/windows/images/suspc_wcd_sidebyside.png
rename to education/windows/images/suspcs/suspc_wcd_sidebyside.png
diff --git a/education/windows/images/suspc_win10v1703_getstarted.PNG b/education/windows/images/suspcs/suspc_win10v1703_getstarted.PNG
similarity index 100%
rename from education/windows/images/suspc_win10v1703_getstarted.PNG
rename to education/windows/images/suspcs/suspc_win10v1703_getstarted.PNG
diff --git a/education/windows/images/win10_1703_oobe_firstscreen.png b/education/windows/images/suspcs/win10_1703_oobe_firstscreen.png
similarity index 100%
rename from education/windows/images/win10_1703_oobe_firstscreen.png
rename to education/windows/images/suspcs/win10_1703_oobe_firstscreen.png
diff --git a/education/windows/images/take-a-test-flow.png b/education/windows/images/take-a-test-flow.png
deleted file mode 100644
index a5135c1822..0000000000
Binary files a/education/windows/images/take-a-test-flow.png and /dev/null differ
diff --git a/education/windows/images/take_a_test_flow.png b/education/windows/images/take_a_test_flow.png
deleted file mode 100644
index 261813c7f8..0000000000
Binary files a/education/windows/images/take_a_test_flow.png and /dev/null differ
diff --git a/education/windows/images/take_a_test_flow_dark.png b/education/windows/images/take_a_test_flow_dark.png
deleted file mode 100644
index 98255e8694..0000000000
Binary files a/education/windows/images/take_a_test_flow_dark.png and /dev/null differ
diff --git a/education/windows/images/take_a_test_workflow.png b/education/windows/images/take_a_test_workflow.png
deleted file mode 100644
index a4c7a84686..0000000000
Binary files a/education/windows/images/take_a_test_workflow.png and /dev/null differ
diff --git a/education/windows/images/takeatest/desktop-shortcuts.png b/education/windows/images/takeatest/desktop-shortcuts.png
new file mode 100644
index 0000000000..fa246eb151
Binary files /dev/null and b/education/windows/images/takeatest/desktop-shortcuts.png differ
diff --git a/education/windows/images/takeatest/flow-chart.png b/education/windows/images/takeatest/flow-chart.png
new file mode 100644
index 0000000000..220ef54a00
Binary files /dev/null and b/education/windows/images/takeatest/flow-chart.png differ
diff --git a/education/windows/images/takeatest/intune-education-take-a-test-profile.png b/education/windows/images/takeatest/intune-education-take-a-test-profile.png
new file mode 100644
index 0000000000..440925d5c4
Binary files /dev/null and b/education/windows/images/takeatest/intune-education-take-a-test-profile.png differ
diff --git a/education/windows/images/takeatest/intune-take-a-test-custom-profile.png b/education/windows/images/takeatest/intune-take-a-test-custom-profile.png
new file mode 100644
index 0000000000..71e94646ec
Binary files /dev/null and b/education/windows/images/takeatest/intune-take-a-test-custom-profile.png differ
diff --git a/education/windows/images/takeatest/login-screen-take-a-test-single-pc.png b/education/windows/images/takeatest/login-screen-take-a-test-single-pc.png
new file mode 100644
index 0000000000..77b4fc7bc6
Binary files /dev/null and b/education/windows/images/takeatest/login-screen-take-a-test-single-pc.png differ
diff --git a/education/windows/images/takeatest/settings-accounts-choose-take-a-test-account.png b/education/windows/images/takeatest/settings-accounts-choose-take-a-test-account.png
new file mode 100644
index 0000000000..03af072260
Binary files /dev/null and b/education/windows/images/takeatest/settings-accounts-choose-take-a-test-account.png differ
diff --git a/education/windows/images/takeatest/settings-accounts-create-take-a-test-account.png b/education/windows/images/takeatest/settings-accounts-create-take-a-test-account.png
new file mode 100644
index 0000000000..cc9c1443b2
Binary files /dev/null and b/education/windows/images/takeatest/settings-accounts-create-take-a-test-account.png differ
diff --git a/education/windows/images/takeatest/settings-accounts-set-up-take-a-test-account.png b/education/windows/images/takeatest/settings-accounts-set-up-take-a-test-account.png
new file mode 100644
index 0000000000..8cb28abc78
Binary files /dev/null and b/education/windows/images/takeatest/settings-accounts-set-up-take-a-test-account.png differ
diff --git a/education/windows/images/takeatest/sign-in-sign-out.gif b/education/windows/images/takeatest/sign-in-sign-out.gif
new file mode 100644
index 0000000000..7b4354b31c
Binary files /dev/null and b/education/windows/images/takeatest/sign-in-sign-out.gif differ
diff --git a/education/windows/images/takeatest/suspcs-take-a-test.png b/education/windows/images/takeatest/suspcs-take-a-test.png
new file mode 100644
index 0000000000..fca5587d78
Binary files /dev/null and b/education/windows/images/takeatest/suspcs-take-a-test.png differ
diff --git a/education/windows/images/takeatest/wcd-take-a-test.png b/education/windows/images/takeatest/wcd-take-a-test.png
new file mode 100644
index 0000000000..c05761dfb8
Binary files /dev/null and b/education/windows/images/takeatest/wcd-take-a-test.png differ
diff --git a/education/windows/images/tat_settingsapp_setupaccount_addtestaccount.PNG b/education/windows/images/tat_settingsapp_setupaccount_addtestaccount.PNG
deleted file mode 100644
index 66c28eccc7..0000000000
Binary files a/education/windows/images/tat_settingsapp_setupaccount_addtestaccount.PNG and /dev/null differ
diff --git a/education/windows/images/tat_settingsapp_setuptesttakingaccount.PNG b/education/windows/images/tat_settingsapp_setuptesttakingaccount.PNG
deleted file mode 100644
index 70a917d836..0000000000
Binary files a/education/windows/images/tat_settingsapp_setuptesttakingaccount.PNG and /dev/null differ
diff --git a/education/windows/images/tat_settingsapp_setuptesttakingaccount_1703.PNG b/education/windows/images/tat_settingsapp_setuptesttakingaccount_1703.PNG
deleted file mode 100644
index deb04f2e74..0000000000
Binary files a/education/windows/images/tat_settingsapp_setuptesttakingaccount_1703.PNG and /dev/null differ
diff --git a/education/windows/images/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG b/education/windows/images/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG
deleted file mode 100644
index c9221ed95a..0000000000
Binary files a/education/windows/images/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG and /dev/null differ
diff --git a/education/windows/images/teacher-get-app.PNG b/education/windows/images/teacher-get-app.PNG
deleted file mode 100644
index 329607edb9..0000000000
Binary files a/education/windows/images/teacher-get-app.PNG and /dev/null differ
diff --git a/education/windows/images/teacher.PNG b/education/windows/images/teacher.PNG
deleted file mode 100644
index 286d515624..0000000000
Binary files a/education/windows/images/teacher.PNG and /dev/null differ
diff --git a/education/windows/images/test-account-icd.PNG b/education/windows/images/test-account-icd.PNG
deleted file mode 100644
index 4fd9bf3f28..0000000000
Binary files a/education/windows/images/test-account-icd.PNG and /dev/null differ
diff --git a/education/windows/images/trust-package.png b/education/windows/images/trust-package.png
deleted file mode 100644
index 8a293ea4da..0000000000
Binary files a/education/windows/images/trust-package.png and /dev/null differ
diff --git a/education/windows/images/uwp-dependencies.PNG b/education/windows/images/uwp-dependencies.PNG
deleted file mode 100644
index 4e2563169f..0000000000
Binary files a/education/windows/images/uwp-dependencies.PNG and /dev/null differ
diff --git a/education/windows/images/uwp-family.PNG b/education/windows/images/uwp-family.PNG
deleted file mode 100644
index bec731eec4..0000000000
Binary files a/education/windows/images/uwp-family.PNG and /dev/null differ
diff --git a/education/windows/images/uwp-license.PNG b/education/windows/images/uwp-license.PNG
deleted file mode 100644
index ccb5cf7cf4..0000000000
Binary files a/education/windows/images/uwp-license.PNG and /dev/null differ
diff --git a/education/windows/images/setedupolicies_wcd.PNG b/education/windows/images/wcd/setedupolicies.PNG
similarity index 100%
rename from education/windows/images/setedupolicies_wcd.PNG
rename to education/windows/images/wcd/setedupolicies.PNG
diff --git a/education/windows/images/wcd_accountmanagement.PNG b/education/windows/images/wcd/wcd_accountmanagement.PNG
similarity index 100%
rename from education/windows/images/wcd_accountmanagement.PNG
rename to education/windows/images/wcd/wcd_accountmanagement.PNG
diff --git a/education/windows/images/wcd_exportpackage.PNG b/education/windows/images/wcd/wcd_exportpackage.PNG
similarity index 100%
rename from education/windows/images/wcd_exportpackage.PNG
rename to education/windows/images/wcd/wcd_exportpackage.PNG
diff --git a/education/windows/images/wcd_productkey.png b/education/windows/images/wcd/wcd_productkey.png
similarity index 100%
rename from education/windows/images/wcd_productkey.png
rename to education/windows/images/wcd/wcd_productkey.png
diff --git a/education/windows/images/wcd_settings_assignedaccess.PNG b/education/windows/images/wcd/wcd_settings_assignedaccess.PNG
similarity index 100%
rename from education/windows/images/wcd_settings_assignedaccess.PNG
rename to education/windows/images/wcd/wcd_settings_assignedaccess.PNG
diff --git a/education/windows/images/wcd_setupdevice.PNG b/education/windows/images/wcd/wcd_setupdevice.PNG
similarity index 100%
rename from education/windows/images/wcd_setupdevice.PNG
rename to education/windows/images/wcd/wcd_setupdevice.PNG
diff --git a/education/windows/images/wcd_setupnetwork.PNG b/education/windows/images/wcd/wcd_setupnetwork.PNG
similarity index 100%
rename from education/windows/images/wcd_setupnetwork.PNG
rename to education/windows/images/wcd/wcd_setupnetwork.PNG
diff --git a/education/windows/images/wcd_win10v1703_start_newdesktopproject.PNG b/education/windows/images/wcd/wcd_win10v1703_start_newdesktopproject.PNG
similarity index 100%
rename from education/windows/images/wcd_win10v1703_start_newdesktopproject.PNG
rename to education/windows/images/wcd/wcd_win10v1703_start_newdesktopproject.PNG
diff --git a/education/windows/images/who-owns-pc.png b/education/windows/images/who-owns-pc.png
deleted file mode 100644
index d3ce1def8d..0000000000
Binary files a/education/windows/images/who-owns-pc.png and /dev/null differ
diff --git a/education/windows/images/win-11-se-federated-sign-in.gif b/education/windows/images/win-11-se-federated-sign-in.gif
new file mode 100644
index 0000000000..c234f729fc
Binary files /dev/null and b/education/windows/images/win-11-se-federated-sign-in.gif differ
diff --git a/education/windows/images/win-11-se-stickers-animation.gif b/education/windows/images/win-11-se-stickers-animation.gif
new file mode 100644
index 0000000000..592b1a478b
Binary files /dev/null and b/education/windows/images/win-11-se-stickers-animation.gif differ
diff --git a/education/windows/images/win-11-se-stickers-menu.png b/education/windows/images/win-11-se-stickers-menu.png
new file mode 100644
index 0000000000..ddd761af0f
Binary files /dev/null and b/education/windows/images/win-11-se-stickers-menu.png differ
diff --git a/education/windows/images/win-11-se-stickers-picker.png b/education/windows/images/win-11-se-stickers-picker.png
new file mode 100644
index 0000000000..44fad2a725
Binary files /dev/null and b/education/windows/images/win-11-se-stickers-picker.png differ
diff --git a/education/windows/images/win-11-se-stickers.png b/education/windows/images/win-11-se-stickers.png
new file mode 100644
index 0000000000..fe6008bef3
Binary files /dev/null and b/education/windows/images/win-11-se-stickers.png differ
diff --git a/education/windows/images/win-11-se-themes-1.png b/education/windows/images/win-11-se-themes-1.png
new file mode 100644
index 0000000000..e37ce1062e
Binary files /dev/null and b/education/windows/images/win-11-se-themes-1.png differ
diff --git a/education/windows/images/win-11-se-themes.png b/education/windows/images/win-11-se-themes.png
new file mode 100644
index 0000000000..259784bc45
Binary files /dev/null and b/education/windows/images/win-11-se-themes.png differ
diff --git a/education/windows/images/win10-connect-to-work-or-school.png b/education/windows/images/win10-connect-to-work-or-school.png
deleted file mode 100644
index 08afb5b092..0000000000
Binary files a/education/windows/images/win10-connect-to-work-or-school.png and /dev/null differ
diff --git a/education/windows/images/win10-lets-get-2.png b/education/windows/images/win10-lets-get-2.png
deleted file mode 100644
index c2d3c3ba61..0000000000
Binary files a/education/windows/images/win10-lets-get-2.png and /dev/null differ
diff --git a/education/windows/images/win10-set-up-work-or-school.png b/education/windows/images/win10-set-up-work-or-school.png
deleted file mode 100644
index 0ca83fb0e1..0000000000
Binary files a/education/windows/images/win10-set-up-work-or-school.png and /dev/null differ
diff --git a/education/windows/images/win10_settings_privacy.PNG b/education/windows/images/win10_settings_privacy.PNG
deleted file mode 100644
index 5285ce94f2..0000000000
Binary files a/education/windows/images/win10_settings_privacy.PNG and /dev/null differ
diff --git a/education/windows/images/win10_settings_privacy_contacts.PNG b/education/windows/images/win10_settings_privacy_contacts.PNG
deleted file mode 100644
index f17ef60de0..0000000000
Binary files a/education/windows/images/win10_settings_privacy_contacts.PNG and /dev/null differ
diff --git a/education/windows/images/win10_settings_privacy_contacts_apps.png b/education/windows/images/win10_settings_privacy_contacts_apps.png
deleted file mode 100644
index 774f18fad9..0000000000
Binary files a/education/windows/images/win10_settings_privacy_contacts_apps.png and /dev/null differ
diff --git a/education/windows/images/windows-10-for-education-banner.png b/education/windows/images/windows-10-for-education-banner.png
deleted file mode 100644
index cf33adc9b6..0000000000
Binary files a/education/windows/images/windows-10-for-education-banner.png and /dev/null differ
diff --git a/education/windows/images/windows-11-se.png b/education/windows/images/windows-11-se.png
new file mode 100644
index 0000000000..48446caa20
Binary files /dev/null and b/education/windows/images/windows-11-se.png differ
diff --git a/education/windows/images/windows-ad-connect.png b/education/windows/images/windows-ad-connect.png
deleted file mode 100644
index 97a69d1a6c..0000000000
Binary files a/education/windows/images/windows-ad-connect.png and /dev/null differ
diff --git a/education/windows/images/windows-choose-how.png b/education/windows/images/windows-choose-how.png
deleted file mode 100644
index 8e84535bfd..0000000000
Binary files a/education/windows/images/windows-choose-how.png and /dev/null differ
diff --git a/education/windows/images/windows-connect-to-work-or-school.png b/education/windows/images/windows-connect-to-work-or-school.png
deleted file mode 100644
index 90e1b1131f..0000000000
Binary files a/education/windows/images/windows-connect-to-work-or-school.png and /dev/null differ
diff --git a/education/windows/images/windows-lets-get-2.png b/education/windows/images/windows-lets-get-2.png
deleted file mode 100644
index ef523d4af8..0000000000
Binary files a/education/windows/images/windows-lets-get-2.png and /dev/null differ
diff --git a/education/windows/images/windows-lets-get.png b/education/windows/images/windows-lets-get.png
deleted file mode 100644
index 582da1ab2d..0000000000
Binary files a/education/windows/images/windows-lets-get.png and /dev/null differ
diff --git a/education/windows/images/windows-set-up-work-or-school.png b/education/windows/images/windows-set-up-work-or-school.png
deleted file mode 100644
index cebd87cff8..0000000000
Binary files a/education/windows/images/windows-set-up-work-or-school.png and /dev/null differ
diff --git a/education/windows/images/windows-sign-in.png b/education/windows/images/windows-sign-in.png
deleted file mode 100644
index 3029d3ef2b..0000000000
Binary files a/education/windows/images/windows-sign-in.png and /dev/null differ
diff --git a/education/windows/images/windows-who-owns.png b/education/windows/images/windows-who-owns.png
deleted file mode 100644
index c3008869d2..0000000000
Binary files a/education/windows/images/windows-who-owns.png and /dev/null differ
diff --git a/education/windows/images/windows.png b/education/windows/images/windows.png
deleted file mode 100644
index 9b312d7844..0000000000
Binary files a/education/windows/images/windows.png and /dev/null differ
diff --git a/education/windows/images/windows_glyph.png b/education/windows/images/windows_glyph.png
deleted file mode 100644
index 3a41d4dfb1..0000000000
Binary files a/education/windows/images/windows_glyph.png and /dev/null differ
diff --git a/education/windows/images/wsfb-minecraft-vl.png b/education/windows/images/wsfb-minecraft-vl.png
deleted file mode 100644
index e3fe6de6d7..0000000000
Binary files a/education/windows/images/wsfb-minecraft-vl.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_education_enabled_for_org.png b/education/windows/images/wsfb_win10_pro_education_enabled_for_org.png
deleted file mode 100644
index ea3d582d79..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_education_enabled_for_org.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_education_launch.png b/education/windows/images/wsfb_win10_pro_education_launch.png
deleted file mode 100644
index 4e7b741227..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_education_launch.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_education_order_confirmation.png b/education/windows/images/wsfb_win10_pro_education_order_confirmation.png
deleted file mode 100644
index e35bbf64d5..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_education_order_confirmation.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_education_order_options.png b/education/windows/images/wsfb_win10_pro_education_order_options.png
deleted file mode 100644
index eaf93ece33..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_education_order_options.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_education_refund_confirmation.png b/education/windows/images/wsfb_win10_pro_education_refund_confirmation.png
deleted file mode 100644
index 4749dafc44..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_education_refund_confirmation.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_education_refund_order.png b/education/windows/images/wsfb_win10_pro_education_refund_order.png
deleted file mode 100644
index 813cfce309..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_education_refund_order.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_disable.png b/education/windows/images/wsfb_win10_pro_to proedu_upgrade_disable.png
deleted file mode 100644
index 92aeb8ed19..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_disable.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_eligibility_page.png b/education/windows/images/wsfb_win10_pro_to proedu_upgrade_eligibility_page.png
deleted file mode 100644
index 177c6e36df..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_eligibility_page.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_email_global_admins.png b/education/windows/images/wsfb_win10_pro_to proedu_upgrade_email_global_admins.png
deleted file mode 100644
index 8044a4cc91..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_email_global_admins.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_enable.png b/education/windows/images/wsfb_win10_pro_to proedu_upgrade_enable.png
deleted file mode 100644
index 420b44513f..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_enable.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_summary.png b/education/windows/images/wsfb_win10_pro_to proedu_upgrade_summary.png
deleted file mode 100644
index a507f56694..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_to proedu_upgrade_summary.png and /dev/null differ
diff --git a/education/windows/images/wsfb_win10_pro_to_proedu_email_upgrade_link.png b/education/windows/images/wsfb_win10_pro_to_proedu_email_upgrade_link.png
deleted file mode 100644
index a30869b8ea..0000000000
Binary files a/education/windows/images/wsfb_win10_pro_to_proedu_email_upgrade_link.png and /dev/null differ
diff --git a/education/windows/index.yml b/education/windows/index.yml
new file mode 100644
index 0000000000..8f01835c6d
--- /dev/null
+++ b/education/windows/index.yml
@@ -0,0 +1,103 @@
+### YamlMime:Landing
+
+title: Windows for Education documentation
+summary: Evaluate, plan, deploy, and manage Windows devices in an education environment
+
+metadata:
+ title: Windows for Education documentation
+ description: Learn about how to plan, deploy and manage Windows devices in an education environment with Microsoft Intune
+ ms.topic: landing-page
+ ms.prod: windows
+ ms.collection:
+ - education
+ - highpri
+ author: paolomatarazzo
+ ms.author: paoloma
+ ms.date: 08/10/2022
+ ms.reviewer:
+ manager: aaroncz
+ ms.localizationpriority: medium
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+ # Card (optional)
+
+landingContent:
+
+ - title: Get started
+ linkLists:
+ - linkListType: tutorial
+ links:
+ - text: Deploy and manage Windows devices in a school
+ url: tutorial-school-deployment/index.md
+ - text: Prepare your tenant
+ url: tutorial-school-deployment/set-up-azure-ad.md
+ - text: Configure settings and applications with Microsoft Intune
+ url: tutorial-school-deployment/configure-devices-overview.md
+ - text: Manage devices with Microsoft Intune
+ url: tutorial-school-deployment/manage-overview.md
+ - text: Management functionalities for Surface devices
+ url: tutorial-school-deployment/manage-surface-devices.md
+
+
+ - title: Learn about Windows 11 SE
+ linkLists:
+ - linkListType: concept
+ links:
+ - text: What is Windows 11 SE?
+ url: windows-11-se-overview.md
+ - text: Windows 11 SE settings
+ url: windows-11-se-settings-list.md
+ - linkListType: whats-new
+ links:
+ - text: Configure federated sign-in
+ url: federated-sign-in.md
+ - text: Configure education themes
+ url: edu-themes.md
+ - text: Configure Stickers
+ url: edu-stickers.md
+ - linkListType: video
+ links:
+ - text: Deploy Windows 11 SE using Set up School PCs
+ url: https://www.youtube.com/watch?v=Ql2fbiOop7c
+
+
+ - title: Deploy devices with Set up School PCs
+ linkLists:
+ - linkListType: concept
+ links:
+ - text: What is Set up School PCs?
+ url: set-up-school-pcs-technical.md
+ - linkListType: how-to-guide
+ links:
+ - text: Use the Set up School PCs app
+ url: use-set-up-school-pcs-app.md
+ - linkListType: reference
+ links:
+ - text: Provisioning package settings
+ url: set-up-school-pcs-provisioning-package.md
+ - linkListType: video
+ links:
+ - text: Use the Set up School PCs App
+ url: https://www.youtube.com/watch?v=2ZLup_-PhkA
+
+
+ - title: Configure devices
+ linkLists:
+ - linkListType: concept
+ links:
+ - text: Take tests and assessments in Windows
+ url: take-tests-in-windows.md
+ - text: Considerations for shared and guest devices
+ url: /windows/configuration/shared-devices-concepts?context=/education/context/context
+ - text: Change Windows editions
+ url: change-home-to-edu.md
+ - linkListType: how-to-guide
+ links:
+ - text: Configure Take a Test in kiosk mode
+ url: edu-take-a-test-kiosk-mode.md
+ - text: Configure Shared PC
+ url: /windows/configuration/set-up-shared-or-guest-pc?context=/education/context/context
+ - text: "Deploy Minecraft: Education Edition"
+ url: get-minecraft-for-education.md
\ No newline at end of file
diff --git a/education/windows/s-mode-switch-to-edu.md b/education/windows/s-mode-switch-to-edu.md
index a09d48ae19..612de4cf4c 100644
--- a/education/windows/s-mode-switch-to-edu.md
+++ b/education/windows/s-mode-switch-to-edu.md
@@ -1,18 +1,8 @@
---
title: Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode
-description: Switching out of Windows 10 Pro in S mode to Windows 10 Pro Education in S mode. The S mode switch documentation describes the requirements and process for Switching to Windows 10 Pro Education in S mode.
-keywords: Windows 10 S switch, S mode Switch, switch in S mode, Switch S mode, Windows 10 Pro Education in S mode, S mode, system requirements, Overview, Windows 10 Pro in S mode, Education, EDU
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.prod: windows
-ms.sitesec: library
-ms.pagetype: edu
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+description: Learn how to switch out of Windows 10 Pro in S mode to Windows 10 Pro Education.
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md
index d209181213..9ff9ce8dcd 100644
--- a/education/windows/school-get-minecraft.md
+++ b/education/windows/school-get-minecraft.md
@@ -1,22 +1,12 @@
---
title: For IT administrators get Minecraft Education Edition
description: Learn how IT admins can get and distribute Minecraft in their schools.
-keywords: Minecraft, Education Edition, IT admins, acquire
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.localizationpriority: medium
-searchScope:
- - Store
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ Windows 10
-ms.topic: conceptual
+appliesto:
+ - ✅ Windows 10
+ms.collection:
+ - highpri
---
# For IT administrators - get Minecraft: Education Edition
@@ -24,14 +14,11 @@ ms.topic: conceptual
When you sign up for a [Minecraft: Education Edition](https://education.minecraft.net) trial, or purchase a [Minecraft: Education Edition](https://education.minecraft.net) subscription, Minecraft: Education Edition will be added to the inventory in your Microsoft Admin Center which is associated with your Azure Active Directory (Azure AD) tenant. Your Microsoft Admin Center is only displayed to members of your organization with administrative roles.
>[!Note]
->If you don't have an Azure AD or Office 365 tenant, you can set up a free Office 365 Education subscription when you request Minecraft: Education Edition. For more information, see [Office 365 Education plans and pricing](https://products.office.com/academic/compare-office-365-education-plans).
+>If you don't have an Azure AD or Office 365 tenant, you can set up a free Office 365 Education subscription when you purchase Minecraft: Education Edition. For more information, see [Office 365 Education plans and pricing](https://products.office.com/academic/compare-office-365-education-plans).
## Settings for Microsoft 365 A3 or Microsoft 365 A5 customers
-Schools that purchased these products have an extra option for making Minecraft: Education Edition available to their students:
-
-- Microsoft 365 A3 or Microsoft 365 A5
-- Minecraft: Education Edition
+Schools that purchased Microsoft 365 A3 or Microsoft 365 A5 have an extra option for making Minecraft: Education Edition available to their students:
If your school has these products in your tenant, admins can choose to enable Minecraft: Education Edition for students using Microsoft 365 A3 or Microsoft 365 A5. From the left-hand menu in Microsoft Admin Center, select Users. From the Users list, select the users you want to add or remove for Minecraft: Education Edition access. Add the relevant A3 or A5 license if it hasn't been assigned already.
@@ -53,16 +40,16 @@ If you’ve been approved and are part of the Enrollment for Education Solutions
1. Go to [https://education.minecraft.net/](https://education.minecraft.net/) and select **How to Buy** in the top navigation bar.
2. Scroll down and select **Buy Now** under Direct Purchase.
-
-3. This will route you to the purchase page in the Microsoft Admin center. You will need to log in to your Administrator account.
-4. If necessary, fill in any requested organization or payment information
+3. This will route you to the purchase page in the Microsoft Admin center. You will need to log in to your Administrator account.
-5. Select the quantity of licenses you would like to purchase and select **Place Order**.
+4. If necessary, fill in any requested organization or payment information.
-6. After you’ve purchased licenses, you’ll need to [assign them to users in the Admin Center](https://docs.microsoft.com/microsoft-365/admin/manage/assign-licenses-to-users)
+5. Select the quantity of licenses you would like to purchase and select **Place Order**.
-If you need additional licenses for **Minecraft: Education Edition**, see [Buy or remove subscription licenses](https://docs.microsoft.com/microsoft-365/commerce/licenses/buy-licenses).
+6. After you’ve purchased licenses, you’ll need to [assign them to users in the Admin Center](/microsoft-365/admin/manage/assign-licenses-to-users).
+
+If you need additional licenses for **Minecraft: Education Edition**, see [Buy or remove subscription licenses](/microsoft-365/commerce/licenses/buy-licenses).
### Minecraft: Education Edition - volume licensing
@@ -94,16 +81,18 @@ Invoices are now a supported payment method for Minecraft: Education Edition. Th
2. Select the Invoice option, and provide the info needed for an invoice. The **PO number** item allows you to add a tracking number or info that is meaningful to your organization.
- 
+ 
-For more info on invoices and how to pay by invoice, see [How to pay for your subscription](https://docs.microsoft.com/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription?).
+For more info on invoices and how to pay by invoice, see [How to pay for your subscription](/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription?).
## Distribute Minecraft
-After Minecraft: Education Edition is added to your Microsoft Admin Center inventory, you can [assign these licenses to your users](https://docs.microsoft.com/microsoft-365/admin/manage/assign-licenses-to-users) or [download the app](https://aka.ms/downloadmee).
+After Minecraft: Education Edition is added to your Microsoft Admin Center inventory, you can [assign these licenses to your users](/microsoft-365/admin/manage/assign-licenses-to-users) or [download the app](https://aka.ms/downloadmee).
## Learn more
-[About Intune Admin roles in the Microsoft 365 admin center](https://docs.microsoft.com/microsoft-365/business-premium/m365bp-intune-admin-roles-in-the-mac)
+
+[About Intune Admin roles in the Microsoft 365 admin center](/microsoft-365/business-premium/m365bp-intune-admin-roles-in-the-mac)
## Related topics
+
[Get Minecraft: Education Edition](get-minecraft-for-education.md)
diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md
index b7a35b9784..6eba776f7d 100644
--- a/education/windows/set-up-school-pcs-azure-ad-join.md
+++ b/education/windows/set-up-school-pcs-azure-ad-join.md
@@ -1,18 +1,8 @@
---
title: Azure AD Join with Set up School PCs app
-description: Describes how Azure AD Join is configured in the Set up School PCs app.
-keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+description: Learn how Azure AD Join is configured in the Set up School PCs app.
+ms.topic: article
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
@@ -27,8 +17,7 @@ appliesto:
Set up School PCs lets you create a provisioning package that automates Azure AD
Join on your devices. This feature eliminates the need to manually:
-- Connect to your school’s network.
-
+- Connect to your school's network.
- Join your organization's domain.
## Automated connection to school domain
@@ -37,8 +26,8 @@ During initial device setup, Azure AD Join automatically connects your PCs to yo
Students who sign in to their PCs with their Azure AD credentials get access to on-premises apps and the following cloud apps:
* Office 365
-* OneDrive
-* OneNote.
+* OneDrive
+* OneNote
## Enable Azure AD Join
@@ -51,7 +40,7 @@ Active Directory** \> **Devices** \> **Device settings**.
for Azure AD by selecting **All** or **Selected**. If you choose the latter
option, select the teachers and IT staff to allow them to connect to Azure AD.
-
+
You can also create an account that holds the exclusive rights to join devices. When a student PC has to be set up, provide the account credentials to the appropriate teachers or staff.
@@ -73,7 +62,7 @@ The following table describes each setting within **Device Settings**.
Your Intune tenant can only have 500 active Azure AD tokens, or packages, at a time. You'll receive a notification in the Intune portal when you reach 500 active tokens.
To reduce your inventory, clear out all unnecessary and inactive tokens.
-1. Go to **Azure Active Directory** \> **Users** \> **All users**
+1. Go to **Azure Active Directory** > **Users** > **All users**
2. In the **User Name** column, select and delete all accounts with a **package\ _**
prefix. These accounts are created at a 1:1 ratio for every token and are safe
to delete.
@@ -82,18 +71,12 @@ to delete.
### How do I know if my package expired?
Automated Azure AD tokens expire after 180 days. The expiration date for each token is appended to the end of the saved provisioning package, on the USB drive. After this date, you must create a new package. Be careful that you don't delete active accounts.
-
+
## Next steps
Learn more about setting up devices with the Set up School PCs app.
* [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)
-* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
* [Set up School PCs technical reference](set-up-school-pcs-technical.md)
* [Set up Windows 10 devices for education](set-up-windows-10.md)
-When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
-
-
-
-
-
+When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
\ No newline at end of file
diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md
index 3aeb7d738c..ffee7c5880 100644
--- a/education/windows/set-up-school-pcs-provisioning-package.md
+++ b/education/windows/set-up-school-pcs-provisioning-package.md
@@ -1,29 +1,20 @@
---
title: What's in Set up School PCs provisioning package
-description: Lists the provisioning package settings that are configured in the Set up School PCs app.
-keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+description: List of the provisioning package settings that are configured in the Set up School PCs app.
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
appliesto:
- ✅ Windows 10
---
# What's in my provisioning package?
-The Set up School PCs app builds a specialized provisioning package with school-optimized settings.
-A key feature of the provisioning package is Shared PC mode. To view the technical framework of Shared PC mode, including the description of each setting, see the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp) article.
+The Set up School PCs app builds a specialized provisioning package with school-optimized settings.
+
+A key feature of the provisioning package is Shared PC mode. To view the technical framework of Shared PC mode, including the description of each setting, see the [Manage multi-user and guest Windows devices with Shared PC](/windows/configuration/shared-pc-technical) article.
## Shared PC Mode policies
-This table outlines the policies applied to devices in shared PC mode. If you [selected to optimize a device for use by a single student](set-up-school-pcs-shared-pc-mode.md#optimize-device-for-use-by-a-single-student), the table notes the differences. Specifically, you'll see differences in the following policies:
+This table outlines the policies applied to devices in shared PC mode. If you select to optimize a device for use by a single student, you'll see differences in the following policies:
* Disk level deletion
* Inactive threshold
* Restrict local storage
@@ -128,7 +119,6 @@ Review the table below to estimate your expected provisioning time. A package th
## Next steps
Learn more about setting up devices with the Set up School PCs app.
* [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
-* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
* [Set up School PCs technical reference](set-up-school-pcs-technical.md)
* [Set up Windows 10 devices for education](set-up-windows-10.md)
diff --git a/education/windows/set-up-school-pcs-shared-pc-mode.md b/education/windows/set-up-school-pcs-shared-pc-mode.md
deleted file mode 100644
index e007d4957b..0000000000
--- a/education/windows/set-up-school-pcs-shared-pc-mode.md
+++ /dev/null
@@ -1,79 +0,0 @@
----
-title: Shared PC mode for school devices
-description: Describes how shared PC mode is set for devices set up with the Set up School PCs app.
-keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ Windows 10
----
-
-# Shared PC mode for school devices
-
-Shared PC mode optimizes Windows 10 for shared use scenarios, such as classrooms and school libraries. A Windows 10 PC in shared PC mode requires minimal to zero maintenance and management. Update settings are optimized for classroom settings, so that they automatically occur outside of school hours.
-
-Shared PC mode can be applied on devices running:
-* Windows 10 Pro
-* Windows 10 Pro Education
-* Windows 10 Education
-* Windows 10 Enterprise
-
-To learn more about how to set up a device in shared PC mode, see [Set up a shared or guest PC with Windows 10](/windows/configuration/set-up-shared-or-guest-pc).
-
-## Windows Updates
-Shared PC mode configures power and Windows Update settings so that computers update regularly. Computers that are set up through the Set up School PCs app are configured to:
-* Wake nightly.
-* Check for and install updates.
-* Forcibly reboot, when necessary, to complete updates.
-
-These configurations reduce the need to update and reboot computers during daytime work hours. Notifications about needed updates are also blocked from disrupting students.
-
-## Default admin accounts in Azure Active Directory
-By default, the account that joins your computer to Azure AD will be given admin permissions on the computer. Global administrators in the joined Azure AD domain will also have admin permissions when signed in to the joined computer.
-
-An Azure AD Premium subscription lets you specify the accounts that get admin accounts on a computer. These accounts are configured in Intune in the Azure portal.
-
-## Account deletion policies
-This section describes the deletion behavior for the accounts configured in shared PC mode. A delete policy makes sure that outdated or stale accounts are regularly removed to make room for new accounts.
-
-### Azure AD accounts
-
-The default deletion policy is set to automatically cache accounts. Cached accounts are automatically deleted when disk space gets too low, or when there's an extended period of inactivity. Accounts continue to delete until the computer reclaims sufficient disk space. Deletion policies behave the same for Azure AD and Active Directory domain accounts.
-
-### Guest and Kiosk accounts
-Guest accounts and accounts created through Kiosk are deleted after they sign out of their account.
-
-### Local accounts
-Local accounts that you created before enabling shared PC mode aren't deleted. Local accounts that you create through the following path, after enabling PC mode, are not deleted: **Settings** app > **Accounts** > **Other people** > **Add someone**
-
-## Create custom Windows images
-Shared PC mode is compatible with custom Windows images.
-
-To create a compatible image, first create your custom Windows image with all software, updates, and drivers. Then use the System Preparation (Sysprep) tool with the `/oobe` flag to create the SharedPC-compatible version. For example, `sysrep/oobe`.
-
-Teachers can then run the Set up School PCs package on the computer.
-
-## Optimize device for use by a single student
-Shared PC mode is enabled by default. This mode optimizes device settings for schools where PCs are shared by students. The Set up School PCs app also offers the option to configure settings for devices that aren't shared.
-
-If you select this setting, the app modifies shared PC mode so that it's appropriate for a single device. To see how the settings differ, refer to the Shared PC mode policy table in the article [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)
-1. In the app, go to the **Create package** > **Settings** step.
-2. Select **Optimize device for a single student, instead of a shared cart or lab**.
-
-## Next steps
-Learn more about setting up devices with the Set up School PCs app.
-* [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
-* [Set up School PCs technical reference](set-up-school-pcs-technical.md)
-* [What's in my provisioning package](set-up-school-pcs-provisioning-package.md)
-* [Set up Windows 10 devices for education](set-up-windows-10.md)
-
-When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
\ No newline at end of file
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
index 6dbdf70186..9f2ecc9d8e 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -1,32 +1,19 @@
---
title: Set up School PCs app technical reference overview
description: Describes the purpose of the Set up School PCs app for Windows 10 devices.
-keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: conceptual
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
# What is Set up School PCs?
-The **Set up School PCs** app helps you configure new Windows 10 PCs for school use. The
-app, which is available for Windows 10 version 1703 and later, configures and saves
-school-optimized settings, apps, and policies into a single provisioning package. You can then save the package to a USB drive and distribute it to your school PCs.
+The **Set up School PCs** app helps you configure new Windows 10 PCs for school use. The app, which is available for Windows 10 version 1703 and later, configures and saves school-optimized settings, apps, and policies into a single provisioning package. You can then save the package to a USB drive and distribute it to your school PCs.
If your school uses Azure Active Directory (Azure AD) or Office 365, the Set up
School PCs app will create a setup file. This file joins the PC to your Azure Active Directory tenant. The app also helps set up PCs for use with or without Internet connectivity.
-
## Join PC to Azure Active Directory
If your school uses Azure Active Directory (Azure AD) or Office 365, the Set up
School PCs app creates a setup file that joins your PC to your Azure Active
@@ -37,24 +24,24 @@ The app also helps set up PCs for use with or without Internet connectivity.
## List of Set up School PCs features
The following table describes the Set up School PCs app features and lists each type of Intune subscription. An X indicates that the feature is available with the specific subscription.
-| Feature | No Internet | Azure AD | Office 365 | Azure AD Premium |
-|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|----------|------------|------------------|
-| **Fast sign-in** | X | X | X | X |
-| Students sign in and start using the computer in under a minute, even on initial sign-in. | | | | |
-| **Custom Start experience** | X | X | X | X |
-| Necessary classroom apps are pinned to Start and unnecessary apps are removed. | | | | |
-| **Guest account, no sign-in required** | X | X | X | X |
-| Set up computers for use by anyone with or without an account. | | | | |
-| **School policies** | X | X | X | X |
-| Settings create a relevant, useful learning environment and optimal computer performance. | | | | |
-| **Azure AD Join** | | X | X | X |
-| Computers join with your existing Azure AD or Office 365 subscription for centralized management. | | | | |
-| **Single sign-on to Office 365** | | | X | X |
-| Students sign in with their IDs to access all Office 365 web apps or installed Office apps. | | | | |
-| **Take a Test app** | | | | X |
-| Administer quizzes and assessments through test providers such as Smarter Balanced. | | | | |
-| [Settings roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) **via Azure AD** | | | | X |
-| Synchronize student and application data across devices for a personalized experience. | | | | |
+| Feature | No Internet | Azure AD | Office 365 | Azure AD Premium |
+|--------------------------------------------------------------------------------------------------------|-------------|----------|------------|------------------|
+| **Fast sign-in** | X | X | X | X |
+| Students sign in and start using the computer in under a minute, even on initial sign-in. | | | | |
+| **Custom Start experience** | X | X | X | X |
+| Necessary classroom apps are pinned to Start and unnecessary apps are removed. | | | | |
+| **Guest account, no sign-in required** | X | X | X | X |
+| Set up computers for use by anyone with or without an account. | | | | |
+| **School policies** | X | X | X | X |
+| Settings create a relevant, useful learning environment and optimal computer performance. | | | | |
+| **Azure AD Join** | | X | X | X |
+| Computers join with your existing Azure AD or Office 365 subscription for centralized management. | | | | |
+| **Single sign-on to Office 365** | | | X | X |
+| Students sign in with their IDs to access all Office 365 web apps or installed Office apps. | | | | |
+| **Take a Test app** | | | | X |
+| Administer quizzes and assessments through test providers such as Smarter Balanced. | | | | |
+| [Settings roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) **via Azure AD** | | | | X |
+| Synchronize student and application data across devices for a personalized experience. | | | | |
> [!NOTE]
> If your school uses Active Directory, use [Windows Configuration
@@ -62,12 +49,9 @@ The following table describes the Set up School PCs app features and lists each
> to configure your PCs to join the domain. You can only use the Set up School
> PCs app to set up PCs that are connected to Azure AD.
-
-
## Next steps
Learn more about setting up devices with the Set up School PCs app.
* [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
-* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
* [What's in my provisioning package](set-up-school-pcs-provisioning-package.md)
* [Set up Windows 10 devices for education](set-up-windows-10.md)
diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md
index fce328a1c0..c36b901f8f 100644
--- a/education/windows/set-up-school-pcs-whats-new.md
+++ b/education/windows/set-up-school-pcs-whats-new.md
@@ -1,18 +1,8 @@
---
title: What's new in the Windows Set up School PCs app
description: Find out about app updates and new features in Set up School PCs.
-keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: whats-new
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
- ✅ Windows 11
@@ -104,7 +94,6 @@ The Skype and Messaging apps are part of a selection of apps that are, by defaul
## Next steps
Learn how to create provisioning packages and set up devices in the app.
* [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)
-* [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
* [Set up School PCs technical reference](set-up-school-pcs-technical.md)
* [Set up Windows 10 devices for education](set-up-windows-10.md)
diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md
index 32f97bf4b3..16f670b6fa 100644
--- a/education/windows/set-up-students-pcs-to-join-domain.md
+++ b/education/windows/set-up-students-pcs-to-join-domain.md
@@ -1,17 +1,8 @@
---
title: Set up student PCs to join domain
-description: Learn how to use Configuration Designer to provision student devices to join Active Directory.
-keywords: school, student PC setup, Windows Configuration Designer
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+description: Learn how to use Windows Configuration Designer to provision student devices to join Active Directory.
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
@@ -43,7 +34,7 @@ Follow the steps in [Provision PCs with common settings for initial deployment (
**Figure 7** - Add the account to use for test-taking
- 
+ 
The account can be in one of the following formats:
- username
@@ -64,9 +55,5 @@ Follow the steps in [Provision PCs with common settings for initial deployment (
> [!IMPORTANT]
> When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
-
## Apply package
-Follow the steps in [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) to apply the package that you created.
-
-
-
+Follow the steps in [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) to apply the package that you created.
\ No newline at end of file
diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md
index 840dd7836b..679bb7206f 100644
--- a/education/windows/set-up-students-pcs-with-apps.md
+++ b/education/windows/set-up-students-pcs-with-apps.md
@@ -1,14 +1,8 @@
---
title: Provision student PCs with apps
-description: Learn how to use Configuration Designer to easily provision student devices to join Active Directory.
-ms.prod: windows
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+description: Learn how to use Windows Configuration Designer to easily provision student devices to join Active Directory.
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
@@ -24,193 +18,6 @@ You can apply a provisioning package on a USB drive to off-the-shelf devices dur
- If you want to provision a school PC to join Azure AD, set up the PC using the steps in [Use Set up School PCs App](use-set-up-school-pcs-app.md). Set up School PCs now lets you add recommended apps from the Store so you can add these apps while you're creating your package through Set up School PCs. You can also follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps) if you want to add apps to student PCs after initial setup with the Set up School PCs package.
-
-
## Learn more
-[Develop Universal Windows Education apps](/windows/uwp/apps-for-education/)
diff --git a/education/windows/set-up-windows-10.md b/education/windows/set-up-windows-10.md
index a9e53b4beb..c137703898 100644
--- a/education/windows/set-up-windows-10.md
+++ b/education/windows/set-up-windows-10.md
@@ -1,18 +1,8 @@
---
title: Set up Windows devices for education
description: Decide which option for setting up Windows 10 is right for you.
-keywords: school, Windows device setup, education device setup
-ms.prod: windows
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: article
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
@@ -27,8 +17,7 @@ Choose the tool that is appropriate for how your students will sign in (Active D
You can use the following diagram to compare the tools.
-
-
+
## In this section
@@ -37,12 +26,7 @@ You can use the following diagram to compare the tools.
- [Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md)
- [Provision student PCs with apps](set-up-students-pcs-with-apps.md)
-
## Related topics
-[Take tests in Windows 10](take-tests-in-windows-10.md)
-
-[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
-
-
-
+[Take tests in Windows](take-tests-in-windows.md)
+[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
\ No newline at end of file
diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md
index dd064677bf..9b5498d558 100644
--- a/education/windows/take-a-test-app-technical.md
+++ b/education/windows/take-a-test-app-technical.md
@@ -1,41 +1,34 @@
---
title: Take a Test app technical reference
-description: The policies and settings applied by the Take a Test app.
-keywords: take a test, test taking, school, policies
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
+description: List of policies and settings applied by the Take a Test app.
+ms.date: 09/30/2022
+ms.topic: reference
appliesto:
- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
---
-# Take a Test app technical reference
+# Take a Test app technical reference
-Take a Test is an app that locks down the PC and displays an online assessment web page.
+Take a Test is an application that locks down a device and displays an online assessment web page.
-Whether you're a teacher or IT administrator, you can easily configure Take a Test to meet your testing needs. For high-stakes tests, the app creates a browser-based, locked-down environment for more secure online assessments. This environment means that students taking the tests that don’t have copy/paste privileges, can’t access to files and applications, and are free from distractions. For simple tests and quizzes, Take a Test can be configured to use the teacher’s preferred assessment website to deliver digital assessments
+Whether you're a teacher or IT administrator, you can configure Take a Test to meet your testing needs. For high-stakes tests, the app creates a browser-based, locked-down environment. This environment means that students taking the tests that don't have copy/paste privileges, can't access to files and applications, and are free from distractions. For simple tests and quizzes, Take a Test can be configured to use the teacher's preferred assessment website to deliver digital assessments.
Assessment vendors can use Take a Test as a platform to lock down the operating system. Take a Test supports the [SBAC browser API standard](https://www.smarterapp.org/documents/SecureBrowserRequirementsSpecifications_0-3.pdf) for high stakes common core testing. For more information, see [Take a Test Javascript API](/windows/uwp/apps-for-education/take-a-test-api).
-## PC lockdown for assessment
+## PC lock-down for assessment
- When the assessment page initiates lock down, the student’s desktop will be locked and the app will be launched above the Windows lock screen to provide a sandbox that ensures the student can only interact with the Take a Test app . After transitioning to the lock screen, Take a Test will apply local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lockdown. The lockdown process is atomic, which means that if any part of the lockdown operation fails, the app won't be above lock and won't have any of the policies applied.
+ When the assessment page initiates lock-down, the student's desktop will be locked and the app will be launched above the Windows lock screen to provide a sandbox that ensures the student can only interact with the Take a Test app. After transitioning to the lock screen, Take a Test will apply local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lock-down. The lock-down process is atomic, which means that if any part of the lock-down operation fails, the app won't be above lock and won't have any of the policies applied.
When running above the lock screen:
-- The app runs full screen with no chrome
-- The hardware print screen button is disabled
-- Depending on the parameter you set through the schema or dedicated account, content within the app will show up as black in screen capturing/sharing software
-- System clipboard is cleared
-- Web apps can query the processes currently running in the user’s device
-- Extended display shows up as black
+
+- The app runs full screen with no chrome
+- The hardware print screen button is disabled
+- Depending on the parameter you set through the schema or dedicated account, content within the app will show up as black in screen capturing/sharing software
+- System clipboard is cleared
+- Web apps can query the processes currently running in the user's device
+- Extended display shows up as black
- Auto-fill is disabled
## Mobile device management (MDM) policies
@@ -45,7 +38,7 @@ When Take a Test is running, the following MDM policies are applied to lock down
| Policy | Description | Value |
|---|---|---|
| AllowToasts | Disables toast notifications from being shown | 0 |
-| AllowAppStoreAutoUpdate | Disables automatic updates for Microsoft Store apps that are installed on the PC | 0 |
+| AllowAppStoreAutoUpdate | Disables automatic updates for Store apps that are installed on the PC | 0 |
| AllowDeviceDiscovery | Disables UI for screen sharing | 0 |
| AllowInput Panel | Disables the onscreen keyboard, which will disable auto-fill | 0 |
| AllowCortana | Disables Cortana functionality | 0 |
@@ -67,41 +60,42 @@ To ensure Take a Test activates correctly, make sure the following Group Policy
When Take a Test is running, the following functionality is available to students:
-- Assistive technology that is configured to run above the lock screen should run as expected
-- Narrator is available through Windows key + Enter
-- Magnifier is available through Windows key + "+" key
-
- - Full screen mode is compatible
-
-- The student can press Alt+Tab when locked down. This key press results in the student being able to switch between the following elements:
-
- - Take a Test
- - Assistive technology that may be running
+- Assistive technology that is configured to run above the lock screen should run as expected
+- Narrator is available through Win+Enter
+- Magnifier is available through Win++
+- The student can press Alt+Tab when locked down. This key press results in the student being able to switch between the following elements:
+ - Take a Test
+ - Assistive technology that may be running
- Lock screen (not available if student is using a dedicated test account)
- > [!NOTE]
- > The app will exit if the student signs in to an account from the lock screen. Progress made in the test may be lost or invalidated.
-
-- The student can exit the test by pressing one of the following key combinations:
-
- - Ctrl+Alt+Del
-
- On Windows 10 Enterprise or Windows 10 Education versions, IT admins can choose to block this functionality by configuring a [keyboard filter](/windows-hardware/customize/enterprise/keyboardfilter).
-
- - Alt+F4 (Take a Test will restart if the student is using a dedicated test account)
-
- > [!NOTE]
- > Alt+F4 is disabled in Windows 10, version 1703 (Creators Update) and later.
+ > [!NOTE]
+ > The app will exit if the student signs in to an account from the lock screen.
+ > Progress made in the test may be lost or invalidated.
+- The student can exit the test by pressing Ctrl+Alt+Delete
## Permissive mode
-Starting with Windows 10, version 1709 (Fall Creators Update), assessments can now run in permissive mode. This mode enables students who need access to other apps, like accessibility tools, to use the apps.
+This mode enables students who need access to other apps, like accessibility tools, to use the apps.
-When permissive mode is triggered in lockdown mode, Take a Test transitions from lockdown mode to running windows mode on the user's desktop. The student can then run allowed apps during the test.
+When permissive mode is triggered in lock-down mode, Take a Test transitions from lock-down mode to running windows mode on the user's desktop. The student can then run allowed apps during the test.
When running tests in this mode, keep the following points in mind:
-- Permissive mode isn't supported in kiosk mode (dedicated test account).
-- Permissive mode can be triggered from the web app running within Take a Test. Alternatively, you can create a link or shortcut without "#enforcelockdown" and it will launch in permissive mode.
+- Permissive mode isn't supported in kiosk mode (dedicated test account)
+- Permissive mode can be triggered from the web app running within Take a Test. Alternatively, you can create a link or shortcut without "#enforcelockdown" and it will launch in permissive mode
+
+## Troubleshoot Take a Test with the event viewer
+
+You can use the Event Viewer to view Take a Test events and errors. Take a Test logs events when a lock-down request has been received, device enrollment has succeeded, lock-down policies were successfully applied, and more.
+
+To enable viewing events in the Event Viewer:
+
+1. Open the `Event Viewer`
+1. Navigate to `Applications and Services Logs > Microsoft > Windows > Management-SecureAssessment`
+1. Select `Operational` > `Enable Log`
+
+To save the event logs:
+
+1. Select `Operational` > `Save All Events As…`
## Learn more
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
deleted file mode 100644
index e6daee3daa..0000000000
--- a/education/windows/take-a-test-multiple-pcs.md
+++ /dev/null
@@ -1,278 +0,0 @@
----
-title: Set up Take a Test on multiple PCs
-description: Learn how to set up and use the Take a Test app on multiple PCs.
-keywords: take a test, test taking, school, set up on multiple PCs
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ Windows 10
----
-
-# Set up Take a Test on multiple PCs
-
-Many schools use online testing for formative and summation assessments. It's critical that students use a secure browser that prevents them from using other computer or Internet resources during the test.
-
-Follow the guidance in this topic to set up Take a Test on multiple PCs.
-
-## Set up a dedicated test account
-To configure a dedicated test account on multiple PCs, select any of the following methods:
-- [Provisioning package created through the Set up School PCs app](#set-up-a-test-account-in-the-set-up-school-pcs-app)
-- [Configuration in Intune for Education](#set-up-a-test-account-in-intune-for-education)
-- [Mobile device management (MDM) or Microsoft Endpoint Configuration Manager](#set-up-a-test-account-in-mdm-or-configuration-manager)
-- [Provisioning package created through Windows Configuration Designer](#set-up-a-test-account-through-windows-configuration-designer)
-- [Group Policy to deploy a scheduled task that runs a PowerShell script](#create-a-scheduled-task-in-group-policy)
-
-### Set up a test account in the Set up School PCs app
-If you want to set up a test account using the Set up School PCs app, configure the settings in the **Set up the Take a Test app** page in the Set up School PCs app. Follow the instructions in [Use the Set up School PCs app](use-set-up-school-pcs-app.md) to configure the test-taking account and create a provisioning package.
-
-If you set up Take a Test, the **Take a Test** button is added on the student PC's sign-in screen. Windows will also lock down the student PC so that students can't access anything else while taking the test.
-
-**Figure 1** - Configure Take a Test in the Set up School PCs app
-
-
-
-### Set up a test account in Intune for Education
-You can set up a test-taking account in Intune for Education. To do this, follow these steps:
-
-1. In Intune for Education, select **Take a Test profiles** from the menu.
-2. Click **+ Add Test Profile** to create an account.
-
- **Figure 2** - Add a test profile in Intune for Education
-
- 
-
-3. In the new profile page:
- 1. Enter a name for the profile.
- 2. Enter the assessment URL.
- 3. Toggle the switch to **Allow screen capture**.
- 4. Select a user account to use as the test-taking account.
- 5. Click **Save**.
-
- **Figure 3** - Add information about the test profile
-
- 
-
- After you save the test profile, you'll see a summary of the settings that you configured for Take a Test. Next, you'll need to assign the test profile to a group that will be using the test account.
-
-4. In the test account page, click **Groups**.
-
- **Figure 4** - Assign the test account to a group
-
- 
-
-5. In the **Groups** page, click **Change group assignments**.
-
- **Figure 5** - Change group assignments
-
- 
-
-6. In the **Change group assignments** page:
- 1. Select a group from the right column and click **Add Members** to select the group and assign the test-taking account to that group. You can select more than one group.
- 2. Click **OK** when you're done making your selection.
-
- **Figure 6** - Select the group(s) that will use the test account
-
- 
-
-And that's it! When the students from the selected group sign in to the student PCs using the Take a Test user name that you selected, the PC will be locked down and Take a Test will open the assessment URL and students can start taking tests.
-
-### Set up a test account in MDM or Configuration Manager
-You can configure a dedicated testing account through MDM or Configuration Manager by specifying a single account in the directory to be the test-taking account. Devices that have the test-taking policies can sign into the specified account to take the test.
-
-**Best practice**
-- Create a single account in the directory specifically for test taking
- - Active Directory example: Contoso\TestAccount
- - Azure Active Directory example: testaccount@contoso.com
-
-- Deploy the policies to the group of test-taking devices
-
-**To enable this configuration**
-
-1. Launch your management console.
-2. Create a policy to set up single app kiosk mode using the following values:
-
- - **Custom OMA-DM URI** = ./Vendor/MSFT/AssignedAccess/KioskModeApp
- - **String value** = {"*Account*":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}
-
- *Account* can be in one of the following formats:
- - username (not recommended)
- - domain\username
- - computer name\\username (not recommended)
- - username@tenant.com
-
-3. Create a policy to configure the assessment URL using the following values:
-
- - **Custom OMA-DM URI** = ./Vendor/MSFT/SecureAssessment/LaunchURI
- - **String value** = *assessment URL*
-
- See [Assessment URLs](#assessment-urls) for more information.
-
-4. Create a policy that associates the assessment URL to the account using the following values:
-
- - **Custom OMA-DM URI** = ./Vendor/MSFT/SecureAssessment/TesterAccount
- - **String value** = Enter the account that you specified in step 2, using the same account format.
-
-5. Deploy the policies to the test-taking devices.
-6. To take the test, the student signs in to the test account.
-
-### Set up a test account through Windows Configuration Designer
-To set up a test account through Windows Configuration Designer, follow these steps.
-
-1. [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
-2. Create a provisioning package by following the steps in [Provision PCs with common settings for initial deployment (desktop wizard)](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment). However, make a note of these other settings to customize the test account.
- 1. After you're done with the wizard, don't click **Create**. Instead, click the **Switch to advanced editor** to switch the project to the advanced editor to see all the available **Runtime settings**.
- 2. Under **Runtime settings**, go to **AssignedAccess > AssignedAccessSettings**.
- 3. Enter **{"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}**, using the account that you want to set up.
-
- **Figure 7** - Add the account to use for test-taking
-
- 
-
- The account can be in one of the following formats:
- - username
- - domain\username
- - computer name\\username
- - username@tenant.com
-
- 4. Under **Runtime settings**, go to **TakeATest** and configure the following settings:
- - In **LaunchURI**, enter the assessment URL.
- - In **TesterAccount**, enter the test account you entered in step 3.
-
-3. Follow the steps to [build a package](/windows/configuration/provisioning-packages/provisioning-create-package#build-package).
-
- - You'll see the file path for your provisioning package. By default, this is set to %windir%\Users\*your_username\Windows Imaging and Configuration Designer (WICD)\*Project name).
- - Copy the provisioning package to a USB drive.
-
-4. Follow the steps in [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) to apply the package that you created.
-
-### Set up a tester account in Group Policy
-To set up a tester account using Group Policy, first create a PowerShell script that configures the tester account and assessment URL, and then create a scheduled task to run the script.
-
-#### Create a PowerShell script
-This sample PowerShell script configures the tester account and the assessment URL. Edit the sample to:
-
-- Use your assessment URL for **$obj.LaunchURI**
-- Use your tester account for **$obj.TesterAccount**
-- Use your tester account for **-UserName**
-
->[!NOTE]
->The account that you specify for the tester account must already exist on the device. For steps to create the tester account, see [Set up a dedicated test account](./take-a-test-single-pc.md#set-up-a-dedicated-test-account).
-
-```powershell
-$obj = get-wmiobject -namespace root/cimv2/mdm/dmmap -class MDM_SecureAssessment -filter "InstanceID='SecureAssessment' AND ParentID='./Vendor/MSFT'";
-$obj.LaunchURI='https://www.foo.com';
-$obj.TesterAccount='TestAccount';
-$obj.put()
-Set-AssignedAccess -AppUserModelId Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App -UserName TestAccount
-```
-
-#### Create a scheduled task in Group Policy
-1. Open the Group Policy Management Console.
-2. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click **Edit**.
-3. In the console tree under **Computer Configuration** or **User Configuration**, go to **Preferences** > **Control Panel Settings**.
-4. Right-click **Scheduled Tasks**, point to **New**, and select **Scheduled Task**.
-5. In the **New Scheduled Task Properties** dialog box, click **Change User or Group**.
-6. In the **Select User or Group** dialog box, click **Advanced**.
-7. In the **Advanced** dialog box, click **Find Now**.
-8. Select **System** in the search results
-9. Go back to the **Properties** dialog box and select **Run with highest privileges** under **Security options**.
-10. Specify the operating system in the **Configure for** field.
-11. Navigate to the **Actions** tab.
-12. Create a new **Action**.
-13. Configure the action to **Start a program**.
-14. In the **Program/script** field, enter **powershell**.
-15. In the **Add arguments** field, enter **-file "\"**.
-16. Click **OK**.
-17. Navigate to the **Triggers** tab and create a new trigger.
-18. Specify the trigger to be **On a schedule**.
-19. Specify the trigger to be **One time**.
-20. Specify the time the trigger should start.
-21. Click **OK**.
-22. In the **Settings** tab, select **Run task as soon as possible after a scheduled start is missed**.
-23. Click **OK**.
-
-## Provide link to test
-Anything hosted on the web can be presented in a locked down manner, not just assessments. To lock down online content, just embed a URL with a specific prefix and devices will be locked down when users follow the link. We recommend using this method for lower stakes assessments.
-
-**To provide a link to the test**
-
-1. Create the link to the test using schema activation.
- - Create a link using a web UI
-
- For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this option for teachers.
-
- To get started, navigate to: [Create a link using a web UI](https://aka.ms/create-a-take-a-test-link).
-
- - Create a link using schema activation
-
- You can accomplish the same thing as the first option (using a web UI), by manually embedding a URL with a specific prefix. You can select parameters depending on what you want to enable.
-
- For more info, see [Create a link using schema activation](#create-a-link-using-schema-activation).
-
-2. Distribute the link.
-
- Once the links are created, you can distribute them through the web, email, OneNote, or any other method of your choosing. You can also create shortcuts to distribute the link. For more info, see [Create a shortcut for the test link](#create-a-shortcut-for-the-test-link).
-
-3. To take the test, have the students click on the link and provide user consent.
-
-### Create a link using schema activation
-One of the ways you can present content in a locked down manner is by embedding a URL with a specific prefix. Once users click the URL, devices will be locked down.
-
-**To enable schema activation for assessment URLs**
-
-1. Embed a link or create a desktop shortcut with:
-
- ```http
- ms-edu-secureassessment:#enforceLockdown
- ```
-
-2. To enable printing, screen capture, or both, use the above link and append one of these parameters:
-
- - `&enableTextSuggestions` - Enables text suggestions
- - `&requirePrinting` - Enables printing
- - `&enableScreenCapture` - Enables screen capture
- - `&requirePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&requirePrinting`, and `&enableScreenCapture` if you want to enable more than one capability.
-
- If you exclude these parameters, the default behavior is disabled.
-
- For tests that utilize the Windows lockdown API, which checks for running processes before locking down, remove `enforceLockdown`. Removing `enforceLockdown` will result in the app not locking down immediately, which allows you to close apps that aren't allowed to run during lockdown. The test web application may lock down the device once you've closed the apps.
-
- > [!NOTE]
- > The Windows 10, version 1607 legacy configuration, `ms-edu-secureassessment:!enforcelockdown` is still supported, but not in combination with the new parameters.
-
-3. To enable permissive mode, don't include `enforceLockdown` in the schema parameters.
-
- For more information, see [Permissive mode](take-a-test-app-technical.md#permissive-mode).
-
-### Create a shortcut for the test link
-You can also distribute the test link by creating a shortcut. To create the shortcut, create the link to the test by either using the [web UI](https://aka.ms/create-a-take-a-test-link) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps:
-
-1. On a device running Windows, right-click on the desktop and then select **New > Shortcut**.
-2. In the **Create Shortcut** window, paste the assessment URL in the field under **Type the location of the item**.
-3. Click **Next**.
-4. Type a name for the shortcut and then click **Finish**.
-
-Once the shortcut is created, you can copy it and distribute it to students.
-
-
-## Assessment URLs
-This assessment URL uses our lockdown API:
-- SBAC/AIR: [https://mobile.tds.airast.org/launchpad/](https://mobile.tds.airast.org/launchpad/).
-
-
-## Related topics
-
-[Take tests in Windows 10](take-tests-in-windows-10.md)
-
-[Set up Take a Test on a single PC](take-a-test-single-pc.md)
-
-[Take a Test app technical reference](take-a-test-app-technical.md)
\ No newline at end of file
diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md
deleted file mode 100644
index 2dcc9c525c..0000000000
--- a/education/windows/take-a-test-single-pc.md
+++ /dev/null
@@ -1,134 +0,0 @@
----
-title: Set up Take a Test on a single PC
-description: Learn how to set up and use the Take a Test app on a single PC.
-keywords: take a test, test taking, school, set up on single PC
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ Windows 10
----
-# Set up Take a Test on a single PC
-
-To configure [Take a Test](take-tests-in-windows-10.md) on a single PC, follow the guidance in this topic.
-
-## Set up a dedicated test account
-To configure the assessment URL and a dedicated testing account on a single PC, follow these steps.
-
-1. Sign into the Windows 10 device with an administrator account.
-2. Open the **Settings** app and go to **Accounts > Access work or school**.
-3. Click **Set up an account for taking tests**.
-
- **Figure 1** - Use the Settings app to set up a test-taking account
-
- 
-
-4. In the **Set up an account for taking tests** window, choose an existing account to use as the dedicated testing account.
-
- **Figure 2** - Choose the test-taking account
-
- 
-
- > [!NOTE]
- > If you don't have an account on the device, you can create a new account. To do this, go to **Settings > Accounts > Other people > Add someone else to this PC > I don’t have this person’s sign-in information > Add a user without a Microsoft account**.
-
-5. In the **Set up an account for taking tests**, enter the assessment URL in the field under **Enter the test's web address**.
-6. Select the options you want to enable during the test.
- - To enable printing, select **Require printing**.
-
- > [!NOTE]
- > Make sure a printer is preconfigured on the Take a Test account if you're enabling this option.
-
- - To enable teachers to monitor screens, select **Allow screen monitoring**.
- - To allow text suggestions, select **Allow text suggestions**.
-
-7. Click **Save**.
-8. To take the test, the student must sign in using the test-taking account that you created.
-
-## Provide a link to the test
-Anything hosted on the web can be presented in a locked down manner, not just assessments. To lock down online content, just embed a URL with a specific prefix and devices will be locked down when users follow the link. We recommend using this method for lower stakes assessments.
-
-**To provide a link to the test**
-
-1. Create the link to the test.
-
- There are different ways you can do this:
- - Create a link using a web UI
-
- For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this for option for teachers.
-
- To get started, go here: [Create a link using a web UI](https://aka.ms/create-a-take-a-test-link).
-
- - Create a link using schema activation
-
- You can accomplish the same thing as the first option (using a web UI), by manually embedding a URL with a specific prefix. You can select parameters depending on what you want to enable.
-
- For more info, see [Create a link using schema activation](#create-a-link-using-schema-activation).
-
-2. Distribute the link.
-
- Once the links are created, you can distribute them through the web, email, OneNote, or any other method of your choosing.
-
- You can also create shortcuts to distribute the link. For more info, see [Create a shortcut for the test link](#create-a-shortcut-for-the-test-link).
-
-3. To take the test, have the students click on the link and provide user consent.
-
- > [!NOTE]
- > If you enabled printing, the printer must be preconfigured for the account before the student takes the test.
-
-
-### Create a link using schema activation
-One of the ways you can present content in a locked down manner is by embedding a URL with a specific prefix. Once users click the URL, devices will be locked down.
-
-**To enable schema activation for assessment URLs**
-
-1. Embed a link or create a desktop shortcut with:
-
- ```
- ms-edu-secureassessment:#enforceLockdown
- ```
-
-2. To enable printing, screen capture, or both, use the above link and append one of these parameters:
-
- - `&enableTextSuggestions` - Enables text suggestions
- - `&requirePrinting` - Enables printing
- - `&enableScreenCapture` - Enables screen capture
- - `&requirePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&requirePrinting`, and `&enableScreenCapture` if you want to enable more than one capability.
-
- If you exclude these parameters, the default behavior is disabled.
-
- For tests that utilizes the Windows lockdown API, which checks for running processes before locking down, remove `enforceLockdown`. Removing `enforceLockdown` will result in the app not locking down immediately, which allows you to close apps that are not allowed to run during lockdown. The test web application may lock down the device once you have closed the apps.
-
- > [!NOTE]
- > The Windows 10, version 1607 legacy configuration, `ms-edu-secureassessment:!enforcelockdown` is still supported, but not in combination with the new parameters.
-
-3. To enable permissive mode, do not include `enforceLockdown` in the schema parameters.
-
- For more information, see [Permissive mode](take-a-test-app-technical.md#permissive-mode).
-
-
-### Create a shortcut for the test link
-You can also distribute the test link by creating a shortcut. To do this, create the link to the test by either using the [web UI](https://aka.ms/create-a-take-a-test-link) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps:
-
-1. On a device running Windows, right-click on the desktop and then select **New > Shortcut**.
-2. In the **Create Shortcut** window, paste the assessment URL in the field under **Type the location of the item**.
-3. Click **Next**.
-4. Type a name for the shortcut and then click **Finish**.
-
-Once the shortcut is created, you can copy it and distribute it to students.
-
-
-## Related topics
-[Take tests in Windows 10](take-tests-in-windows-10.md)
-
-[Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)
-
-[Take a Test app technical reference](take-a-test-app-technical.md)
diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md
deleted file mode 100644
index e0e44e51c8..0000000000
--- a/education/windows/take-tests-in-windows-10.md
+++ /dev/null
@@ -1,77 +0,0 @@
----
-title: Take tests in Windows 10
-description: Learn how to set up and use the Take a Test app.
-keywords: take a test, test taking, school, how to, use Take a Test
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ Windows 10
----
-
-# Take tests in Windows 10
-
-Many schools use online testing for formative and summative assessments. It's critical that students use a secure browser that prevents them from using other computer or Internet resources during the test. The **Take a Test** app in Windows 10 creates the right environment for taking a test:
-
-- Take a Test shows just the test and nothing else.
-- Take a Test clears the clipboard.
-- Students aren’t able to go to other websites.
-- Students can’t open or access other apps.
-- Students can't share, print, or record their screens unless enabled by the teacher or IT administrator
-- Students can’t change settings, extend their display, see notifications, get updates, or use autofill features.
-- Cortana is turned off.
-
-## How to use Take a Test
-
-
-
-There are several ways to configure devices for assessments, depending on your use case:
-
-- For higher stakes testing such as mid-term exams, you can set up a device with a dedicated testing account and URL.
-- For lower stakes assessments such as a quick quiz in a class, you can quickly create and distribute the assessment URL through any method of your choosing.
-
-1. **Configure an assessment URL and a dedicated testing account**
-
- In this configuration, a user signs into in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
-
- There are different methods to configure the assessment URL and a dedicated testing account depending on whether you're setting up Take a Test on a single PC or multiple PCs.
-
- - **For a single PC**
-
- You can use the Windows 10 **Settings** application. For more info, see [Set up Take a Test on a single PC](take-a-test-single-pc.md).
-
- - **For multiple PCs**
-
- You can use any of these methods:
- - Mobile device management (MDM) or Microsoft Endpoint Configuration Manager
- - A provisioning package created in Windows Configuration Designer
- - Group Policy to deploy a scheduled task that runs a Powershell script
-
- Beginning with Windows 10 Creators Update (version 1703), you can also configure Take a Test using these options:
- - Set up School PCs app
- - Intune for Education
-
- For more info about these methods, see [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md).
-
-2. **Create and distribute the assessment URL through the web, email, OneNote, or any other method**
-
- This allows teachers and test administrators an easier way to deploy assessments quickly and simply. We recommend this method for lower stakes assessments. You can also create shortcuts to distribute the link.
-
- You can enable this using a schema activation.
-
-
-## How to exit Take a Test
-To exit the Take a Test app at any time, press Ctrl+Alt+Delete.
-
-
-## Get more info
-- Teachers can use Microsoft Forms to create tests. See [Create tests using Microsoft Forms](https://support.microsoft.com/office/create-a-quiz-with-microsoft-forms-a082a018-24a1-48c1-b176-4b3616cdc83d) to find out how.
-- To learn more about the policies and settings set by the Take a Test app, see [Take a Test app technical reference](take-a-test-app-technical.md).
diff --git a/education/windows/take-tests-in-windows.md b/education/windows/take-tests-in-windows.md
new file mode 100644
index 0000000000..68472404be
--- /dev/null
+++ b/education/windows/take-tests-in-windows.md
@@ -0,0 +1,92 @@
+---
+title: Take tests and assessments in Windows
+description: Learn about the built-in Take a Test app for Windows and how to use it.
+ms.date: 09/30/2022
+ms.topic: conceptual
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Take tests and assessments in Windows
+
+Many schools use online testing for formative and summation assessments. It's critical that students use a secure browser that prevents them from using other computer or Internet resources during the test. To help schools with testing, Windows provides an application called **Take a Test**. The application is a secure browser that provides different features to help with testing, and can be configured to only allow access a specific URL or a list of URLs. When using Take a Test, students can't:
+
+- print, use screen capture, or text suggestions (unless enabled by the teacher or administrator)
+- access other applications
+- change system settings, such as display extension, notifications, updates
+- access Cortana
+- access content copied to the clipboard
+
+## How to use Take a Test
+
+There are different ways to use Take a Test, depending on the use case:
+
+- For lower stakes assessments, such a quick quiz in a class, a teacher can generate a *secure assessment URL* and share it with the students. Students can then open the URL to access the assessment through Take a Test. To learn more, see the next section: [Create a secure assessment link](#create-a-secure-assessment-link)
+- For higher stakes assessments, you can configure Windows devices to use a dedicated account for testing and execute Take a Test in a locked-down mode, called **kiosk mode**. Once signed in with the dedicated account, Windows will execute Take a Test in a lock-down mode, preventing the execution of any applications other than Take a Test. For more information, see [Configure Take a Test in kiosk mode](edu-take-a-test-kiosk-mode.md)
+
+:::image type="content" source="./images/takeatest/flow-chart.png" alt-text="Set up and user flow for the Take a Test app." border="false":::
+
+## Create a secure assessment link
+
+Anything hosted on the web can be presented in a locked down manner using the Take a Test app, not just assessments. To lock down online content, a URL must be embedded with a specific prefix and devices will be locked down when users open the link.
+
+To create a secure assessment link to the test, there are two options:
+
+- Create a link using a web application
+- Create a link using schema activation
+
+### Create a link using a web application
+
+For this option, copy the assessment URL and open the web application Customize your assessment URL, where you can:
+
+- Paste the link to the assessment URL
+- Select the options you want to allow during the test
+- Generate the link by selecting the button Create link
+
+This is an ideal option for teachers who want to create a link to a specific assessment and share it with students using OneNote, for example.
+
+### Create a link using schema activation
+
+For this option, you embed a URL with a specific prefix and specify parameters depending on what you want to allow during the test.
+The URL must be in the following format:
+
+```
+ms-edu-secureassessment:#enforceLockdown
+```
+
+To enable printing, screen capture, or both, use the above link and append one of these parameters:
+
+- `&enableTextSuggestions` - Enables text suggestions
+- `&requirePrinting` - Enables printing
+- `&enableScreenCapture` - Enables screen capture
+- `&requirePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&requirePrinting`, and `&enableScreenCapture` if you want to enable more than one capability.
+
+If these parameters aren't included, the default behavior is to disable the capabilities.
+
+For tests that utilize the Windows lockdown API, which checks for running processes before locking down, remove `enforceLockdown`. Removing `enforceLockdown` will result in the app not locking down immediately, which allows you to close apps that aren't allowed to run during lockdown. Take a Test will lock down the device once the applications are closed.
+
+To enable permissive mode, don't include `enforceLockdown` in the schema parameters. For more information, see [Permissive mode](take-a-test-app-technical.md#permissive-mode).
+
+## Distribute the secure assessment link
+
+Once the link is created, it can be distributed through the web, email, OneNote, or any other method of your choosing.
+
+For example, you can create and copy the shortcut to the assessment URL to the students' desktop.
+
+To take the test, have the students open the link.
+
+> [!NOTE]
+> If you enabled printing, the printer must be pre-configured for the account before the student takes the test.
+
+:::image type="content" source="./images/takeatest/desktop-shortcuts.png" alt-text="Windows 11 SE desktop showing two shortcuts to assessment URLs." border="true":::
+
+> [!NOTE]
+> If using `enforceLockdown`, to exit the Take a Test app at any time, press Ctrl+Alt+Delete. Students will be prompted to type their password to get back to their desktop.
+
+## Additional information
+
+Teachers can use **Microsoft Forms** to create tests. For more information, see [Create tests using Microsoft Forms](https://support.microsoft.com/en-us/office/create-a-quiz-with-microsoft-forms-a082a018-24a1-48c1-b176-4b3616cdc83d).
+
+To learn more about the policies and settings set by the Take a Test app, see [Take a Test app technical reference](take-a-test-app-technical.md).
\ No newline at end of file
diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md
index 9436f4e605..ee529257c0 100644
--- a/education/windows/teacher-get-minecraft.md
+++ b/education/windows/teacher-get-minecraft.md
@@ -1,175 +1,40 @@
---
title: For teachers get Minecraft Education Edition
-description: Learn how teachers can get and distribute Minecraft.
-keywords: school, Minecraft, Education Edition, educators, teachers, acquire, distribute
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.localizationpriority: medium
-searchScope:
- - Store
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+description: Learn how teachers can obtain and distribute Minecraft.
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ Windows 10
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows 11 SE
+ms.collection:
+ - highpri
---
# For teachers - get Minecraft: Education Edition
-The following article describes how teachers can get and distribute Minecraft: Education Edition.
-Minecraft: Education Edition is available for anyone to trial, and subscriptions can be purchased by qualified educational institutions directly in the Microsoft Store for Education, via volume licensing agreements and through partner resellers.
+The following article describes how teachers can get and distribute Minecraft: Education Edition at their school. Minecraft: Education Edition is available for anyone to trial, and subscriptions can be purchased by qualified educational institutions directly in the [Microsoft Admin Center by IT Admins](/education/windows/school-get-minecraft), via volume licensing agreements and through partner resellers.
-To get started, go to https://education.minecraft.net/ and select **GET STARTED**.
## Try Minecraft: Education Edition for Free
Minecraft: Education Edition is available for anyone to try for free! The free trial is fully functional but limited by the number of logins (25 for teachers and 10 for students) before a paid license will be required to continue playing.
-To learn more and get started, go to https://education.minecraft.net/ and select **GET STARTED**.
+To learn more and get started, [download the Minecraft: Education Edition app here.](https://aka.ms/download)
## Purchase Minecraft: Education Edition for Teachers and Students
-Minecraft: Education Edition is licensed via yearly subscriptions that are purchased through the Microsoft Store for Education, via volume licensing agreements and through partner resellers.
+As a teacher, you will need to have your IT Admin purchase licenses for you and your students directly through the Microsoft Admin Center, or you may already have access to licenses at your school (through a volume license agreement) if you have an Office 365 subscription.
->[!Note]
->M:EE is available on many platforms, but all license purchases can only be done through one of the three methods listed above.
+M:EE is included in many volume license agreements, however, only the administrators at your school will be able to assign and manage those licenses. If you have an Office 365 account, check with your school administration or IT administrator prior to purchasing M:EE directly.
-As a teacher, you may purchase subscription licenses for you and your students directly through the Microsoft Store for Education, or you may already have access to licenses at your school (through a volume license agreement) if you have an Office 365 account.
-
->[!Note]
->If you already have Office 365, you may already have Minecraft: Education Edition licenses for your school! M:EE is included in many volume license agreements, however, only the administrators at your school will be able to assign and manage those licenses. If you have an Office 365 account, check with your school administration or IT administrator prior to purchasing M:EE directly.
-
-You can purchase individual Minecraft: Education Edition subscriptions for you and other teachers and students directly in the Microsoft Store for Education.
-
-To purchase individual Minecraft: Education Edition subscriptions (that is, direct purchase):
-
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your Office 365 account.
-2. Click on [Minecraft: Education Edition](https://educationstore.microsoft.com/en-us/store/details/minecraft-education-edition/9nblggh4r2r6) (or use Search the Store to find it)
-3. Click **Buy**
-
->[!Note]
->Administrators can restrict the ability for teachers to purchase applications in the Microsoft Store for Education. If you do not have the ability to Buy, contact your school administration or IT administrator.
-
-
-## Distribute Minecraft
-
-After Minecraft: Education Edition licenses have been purchased, either directly, through a volume license agreement or through a partner reseller, those licenses will be added to your Microsoft Store for Education. From there you have three options:
-
-- You can install the app on your PC.
-- You can assign the app to others.
-- You can download the app to distribute.
-
-
-
-### Install for me
-You can install the app on your PC. This gives you a chance to work with the app before using it with your students.
-
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, and then click **Install**.
-
-
-
-3. Click **Install**.
-
-### Assign to others
-Enter email addresses for your students, and each student will get an email with a link to install the app. This option is best for older, more tech-savvy students who will always use the same PC at school.
-
-**To assign to others**
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**.
-
-
-
-3. Click **Invite people**.
-
-4. Type the name, or email address of the student or group you want to assign the app to, and then click **Assign**.
-
- 
-
- You can assign the app to students with work or school accounts.
- If you don't find the student, you can still assign the app to them if self-service sign up is supported for your domain. Students will receive an email with a link to Microsoft 365 admin center where they can create an account, and then install **Minecraft: Education Edition**. Questions about self-service sign up? Check with your admin.
-
-
-**To finish Minecraft install (for students)**
-
-Students will receive an email with a link that will install the app on their PC.
-
-
-
-1. Click **Get the app** to start the app install in Microsoft Store app.
-2. In Microsoft Store app, click **Install**.
-
- 
-
- After installing the app, students can find Minecraft: Education Edition in Microsoft Store app under **My Library**.
-
- 
-
- When students click **My Library** they'll find apps assigned to them.
-
- 
-
-### Download for others
-Download for others allows teachers or IT admins to download packages that they can install on student PCs. This option will install Minecraft: Education Edition on the PC, and allows anyone with a Windows account to use the app on that PC. This option is best for students, and for shared computers. Choose this option when:
-- You have administrative permissions to install apps on the PC.
-- You want to install this app on each of your student's Windows 10 (at least version 1511) PCs.
-- Your students share Windows 10 computers, but sign in with their own Windows account.
-
-#### Requirements
-- Administrative permissions are required on the PC. If you don't have the correct permissions, you won't be able to install the app.
-- Windows 10 (at least version 1511) is required for PCs running Minecraft: Education Edition.
-
-#### Check for updates
-Minecraft: Education Edition won't install if there are updates pending for other apps on the PC. Before installing Minecraft, check to see if there are pending updates for Microsoft Store apps.
-
-**To check for app updates**
-1. Start Microsoft Store app on the PC (click **Start**, and type **Store**).
-2. Click the account button, and then click **Downloads and updates**.
-
- 
-
-3. Click **Check for updates**, and install all available updates.
-
- 
-
-4. Restart the computer before installing Minecraft: Education Edition.
-
-#### To download for others
-You'll download a .zip file, extract the files, and then use one of the files to install Minecraft: Education Edition on each PC.
-
-1. **Download Minecraft Education Edition.zip**. From the **Minecraft: Education Edition** page, click **Download for others** tab, and then click **Download**.
-
- 
-
-2. **Extract files**. Find the .zip file that you downloaded and extract the files. This downloaded location is usually your **Downloads** folder, unless you chose to save the .zip file to a different location. Right-click the file and choose **Extract all**.
-3. **Save to USB drive**. After you've extracted the files, save the Minecraft: Education Edition folder to a USB drive, or to a network location that you can access from each PC.
-4. **Install app**. Use the USB drive to copy the Minecraft folder to each Windows 10 PC where you want to install Minecraft: Education Edition. Open Minecraft: Education Edition folder, right-click **InstallMinecraftEducationEdition.bat** and click **Run as administrator**.
-5. **Quick check**. The install program checks the PC to make sure it can run Minecraft: Education Edition. If your PC passes this test, the app will automatically install.
-6. **Restart**. Once installation is complete, restart each PC. Minecraft: Education Edition app is now ready for any student to use.
#### Troubleshoot
-If you ran **InstallMinecraftEducationEdition.bat** and Minecraft: Education Edition isn't available, there are a few things that might have happened.
-
-| Problem | Possible cause | Solution |
-|---------|----------------|----------|
-| Script ran, but it doesn't look like the app installed. | There might be pending app updates. | Check for app updates (see steps earlier in this topic). Install updates. Restart PC. Run **InstallMinecraftEducationEdition.bat** again. |
-| App won't install. | AppLocker is configured and preventing app installs. | Contact IT Admin. |
-| App won't install. | Policy prevents users from installing apps on the PC. | Contact IT Admin. |
-| Script starts, but stops quickly. | Policy prevents scripts from running on the PC. | Contact IT Admin. |
-| App isn't available for other users. | No restart after install. If you don't restart the PC, and just switch users the app won't be available.| Restart PC. Run **InstallMinecraftEducationEdition.bat** again. If a restart doesn't work, contact your IT Admin. |
-
-
-If you're still having trouble installing the app, you can get more help on our [Support page](https://go.microsoft.com/fwlink/?LinkID=799757).
+If you're having trouble installing the app, you can get more help on our [Support page](https://aka.ms/minecraftedusupport).
## Related topics
-[Working with Microsoft Store for Education](education-scenarios-store-for-business.md)
-Learn about overall Microsoft Store for Business management: manage settings, shop for apps, distribute apps, manage inventory, and manage order history.
[Get Minecraft: Education Edition](get-minecraft-for-education.md)
[For IT admins: get Minecraft: Education Edition](school-get-minecraft.md)
diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md
index e76136de39..acc6aeb868 100644
--- a/education/windows/test-windows10s-for-edu.md
+++ b/education/windows/test-windows10s-for-edu.md
@@ -1,16 +1,12 @@
---
title: Test Windows 10 in S mode on existing Windows 10 education devices
description: Provides guidance on downloading and testing Windows 10 in S mode for existing Windows 10 education devices.
-ms.prod: windows
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: guide
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ Windows 10
+appliesto:
+ - ✅ Windows 10
+ms.collection:
+ - highpri
---
# Test Windows 10 in S mode on existing Windows 10 education devices
diff --git a/education/windows/tutorial-school-deployment/configure-device-apps.md b/education/windows/tutorial-school-deployment/configure-device-apps.md
new file mode 100644
index 0000000000..694a87c643
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/configure-device-apps.md
@@ -0,0 +1,91 @@
+---
+title: Configure applications with Microsoft Intune
+description: Learn how to configure applications with Microsoft Intune in preparation for device deployment.
+ms.date: 08/31/2022
+ms.topic: tutorial
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Configure applications with Microsoft Intune
+
+With Intune for Education, school IT administrators have access to diverse applications to help students unlock their learning potential. This section discusses tools and resources for adding apps to Intune for Education.
+
+Applications can be assigned to groups:
+
+- If you target apps to a **group of users**, the apps will be installed on any managed devices that the users sign into
+- If you target apps to a **group of devices**, the apps will be installed on those devices and available to any user who signs in
+
+In this section you will:
+> [!div class="checklist"]
+> * Add apps to Intune for Education
+> * Assign apps to groups
+> * Review some considerations for Windows 11 SE devices
+
+## Add apps to Intune for Education
+
+Intune for Education supports the deployment of two types of Windows applications: **web apps** and **desktop apps**.
+
+:::image type="content" source="./images/intune-education-apps.png" alt-text="Intune for Education - Apps" lightbox="./images/intune-education-apps.png" border="true":::
+
+### Desktop apps
+
+The addition of desktop applications to Intune should be carried out by repackaging the apps, and defining the commands to silently install them. The process is described in the article [Add, assign, and monitor a Win32 app in Microsoft Intune][MEM-1].
+
+### Web apps
+
+To create web applications in Intune for Education:
+
+1. Sign in to the Intune for Education portal
+1. Select **Apps**
+1. Select **New app** > **New web app**
+1. Provide a URL for the web app, a name and, optionally, an icon and description
+1. Select **Save**
+
+For more information, see [Add web apps][INT-2].
+
+## Assign apps to groups
+
+To assign applications to a group of users or devices:
+
+1. Sign in to the Intune for Education portal
+1. Select **Groups** > Pick a group to manage
+1. Select **Apps**
+1. Select either **Web apps** or **Windows apps**
+1. Select the apps you want to assign to the group > Save
+
+## Considerations for Windows 11 SE
+
+Windows 11 SE supports all web applications and a *curated list* of desktop applications.
+You can prepare and add a desktop app to Microsoft Intune as a Win32 app from the [approved app list][EDU-1].
+
+The process to add Win32 applications to Intune is described in the article [Add, assign, and monitor a Win32 app in Microsoft Intune][MEM-1].
+
+> [!NOTE]
+> If the applications you need aren't included in the list, anyone in your school district can submit an application request at Microsoft Education Support.
+
+> [!CAUTION]
+> If you assign an app to a device running **Windows 11 SE** and receive the **0x87D300D9** error code with a **Failed** state:
+> - Be sure the app is on the [approved app list][EDU-1]
+> - If you submitted a request to add your own app and it was approved, check that the app meets package requirements
+> - If the app is not approved, it will not run on Windows 11 SE. In this case, you will have to verify if the app can run in a web browser, such as a web app or PWA
+
+________________________________________________________
+
+## Next steps
+
+With the applications configured, you can now deploy students' and teachers' devices.
+
+> [!div class="nextstepaction"]
+> [Next: Deploy devices >](enroll-overview.md)
+
+
+
+[EDU-1]: /education/windows/windows-11-se-overview
+
+[MEM-1]: /mem/intune/apps/apps-win32-add
+
+[INT-1]: /intune-education/express-configuration-intune-edu
+[INT-2]: /intune-education/add-web-apps-edu
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/configure-device-settings.md b/education/windows/tutorial-school-deployment/configure-device-settings.md
new file mode 100644
index 0000000000..d2f56961ab
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/configure-device-settings.md
@@ -0,0 +1,134 @@
+---
+title: Configure and secure devices with Microsoft Intune
+description: Learn how to configure policies with Microsoft Intune in preparation for device deployment.
+ms.date: 08/31/2022
+ms.topic: tutorial
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Configure and secure devices with Microsoft Intune
+
+With Intune for Education, you can configure settings for devices in the school, to ensure that they comply with specific policies.
+For example, you may need to secure your devices, ensuring that they are kept up to date. Or you may need to configure all the devices with the same look and feel.
+
+Settings can be assigned to groups:
+
+- If you target settings to a **group of users**, those settings will apply, regardless of what managed devices the targeted users sign in to
+- If you target settings to a **group of devices**, those settings will apply regardless of who is using the devices
+
+There are two ways to manage settings in Intune for Education:
+
+- **Express Configuration.** This option is used to configure a selection of settings that are commonly used in school environments
+- **Group settings.** This option is used to configure all settings that are offered by Intune for Education
+
+> [!NOTE]
+> Express Configuration is ideal when you are getting started. Settings are pre-configured to Microsoft-recommended values, but can be changed to fit your school's needs. It is recommended to use Express Configuration to initially set up your Windows devices.
+
+In this section you will:
+> [!div class="checklist"]
+> * Configure settings with Express Configuration
+> * Configure group settings
+> * Create Windows Update policies
+> * Configure security policies
+
+## Configure settings with Express Configuration
+
+With Express Configuration, you can get Intune for Education up and running in just a few steps. You can select a group of devices or users, select applications to distribute, and choose settings from the most commonly used in schools.
+
+> [!TIP]
+> To learn more, and practice step-by-step Express Configuration in Intune for Education, try this interactive demo.
+
+## Configure group settings
+
+Groups are used to manage users and devices with similar management needs, allowing you to apply changes to many devices or users at once. To review the available group settings:
+
+1. Sign in to the Intune for Education portal
+1. Select **Groups** > Pick a group to manage
+1. Select **Windows device settings**
+1. Expand the different categories and review information about individual settings
+
+Settings that are commonly configured for student devices include:
+
+- Wallpaper and lock screen background. See: [Lock screen and desktop][INT-7]
+- Wi-Fi connections. See: [Add Wi-Fi profiles][INT-8]
+- Enablement of the integrated testing and assessment solution *Take a Test*. See: [Add Take a Test profile][INT-9]
+
+For more information, see [Windows device settings in Intune for Education][INT-3].
+
+## Create Windows Update policies
+
+It is important to keep Windows devices up to date with the latest security updates. You can create Windows Update policies using Intune for Education.
+
+To create a Windows Update policy:
+
+1. Select **Groups** > Pick a group to manage
+1. Select **Windows device settings**
+1. Expand the category **Update and upgrade**
+1. Configure the required settings as needed
+
+For more information, see [Updates and upgrade][INT-6].
+
+> [!NOTE]
+> If you require a more complex Windows Update policy, you can create it in Microsoft Endpoint Manager. For more information:
+> - [What is Windows Update for Business?][WIN-1]
+> - [Manage Windows software updates in Intune][MEM-1]
+
+## Configure security policies
+
+It is critical to ensure that the devices you manage are secured using the different security technologies available in Windows.
+Intune for Education provides different settings to secure devices.
+
+To create a security policy:
+
+1. Select **Groups** > Pick a group to manage
+1. Select **Windows device settings**
+1. Expand the category **Security**
+1. Configure the required settings as needed, including
+ - Windows Defender
+ - Windows Encryption
+ - Windows SmartScreen
+
+For more information, see [Security][INT-4].
+
+> [!NOTE]
+> If you require more sophisticated security policies, you can create them in Microsoft Endpoint Manager. For more information:
+> - [Antivirus][MEM-2]
+> - [Disk encryption][MEM-3]
+> - [Firewall][MEM-4]
+> - [Endpoint detection and response][MEM-5]
+> - [Attack surface reduction][MEM-6]
+> - [Account protection][MEM-7]
+
+________________________________________________________
+
+## Next steps
+
+With the Intune service configured, you can configure policies and applications to deploy to your students' and teachers' devices.
+
+> [!div class="nextstepaction"]
+> [Next: Configure applications >](configure-device-apps.md)
+
+
+
+[EDU-1]: /education/windows/windows-11-se-overview
+
+[INT-2]: /intune-education/express-configuration-intune-edu
+[INT-3]: /intune-education/all-edu-settings-windows
+[INT-4]: /intune-education/all-edu-settings-windows#security
+[INT-6]: /intune-education/all-edu-settings-windows#updates-and-upgrade
+[INT-7]: /intune-education/all-edu-settings-windows#lock-screen-and-desktop
+[INT-8]: /intune-education/add-wi-fi-profile
+[INT-9]: /intune-education/take-a-test-profiles
+
+[WIN-1]: /windows/deployment/update/waas-manage-updates-wufb
+
+[MEM-1]: /mem/intune/protect/windows-update-for-business-configure
+[MEM-2]: /mem/intune/protect/endpoint-security-antivirus-policy
+[MEM-3]: /mem/intune/protect/encrypt-devices
+[MEM-4]: /mem/intune/protect/endpoint-security-firewall-policy
+[MEM-5]: /mem/intune/protect/endpoint-security-edr-policy
+[MEM-6]: /mem/intune/protect/endpoint-security-asr-policy
+[MEM-7]: /mem/intune/protect/endpoint-security-account-protection-policy
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/configure-devices-overview.md b/education/windows/tutorial-school-deployment/configure-devices-overview.md
new file mode 100644
index 0000000000..32b237ce5a
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/configure-devices-overview.md
@@ -0,0 +1,62 @@
+---
+title: Configure devices with Microsoft Intune
+description: Learn how to configure policies and applications in preparation for device deployment.
+ms.date: 08/31/2022
+ms.topic: tutorial
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Configure settings and applications with Microsoft Intune
+
+Before distributing devices to your users, you must ensure that the devices will be configured with the required policies, settings, and applications as they get enrolled in Intune.
+Microsoft Intune uses Azure AD groups to assign policies and applications to devices.
+With Microsoft Intune for Education, you can conveniently create groups and assign policies and applications to them.
+
+In this section you will:
+> [!div class="checklist"]
+> * Create groups
+> * Create and assign policies to groups
+> * Create and assign applications to groups
+
+## Create groups
+
+By organizing devices, students, classrooms, or learning curricula into groups, you can provide students with the resources and configurations they need.
+
+By default, Intune for Education creates two default groups: *All devices* and *All users*.
+Two additional groups are pre-created if you use **Microsoft School Data Sync (SDS)**: *All teachers* and *All students*. SDS can also be configured to automatically create and maintain groups of students and teachers for each school.
+
+:::image type="content" source="./images/intune-education-groups.png" alt-text="Intune for Education - Groups blade" border="true":::
+
+Beyond the defaults, groups can be customized to suit various needs. For example, if you have both *Windows 10* and *Windows 11 SE* devices in your school, you can create groups, such as *Windows 10 devices* and *Windows 11 SE devices*, to assign different policies and applications to.
+
+Two group types can be created:
+
+- **Assigned groups** are used when you want to manually add users or devices to a group
+- **Dynamic groups** reference rules that you create to assign students or devices to groups, which automate the membership's maintenance of those groups
+
+> [!TIP]
+> If you target applications and policies to a *device dynamic group*, they will be applied to the devices as soon as they are enrolled in Intune, before users signs in. This can be useful in bulk enrollment scenarios, where devices are enrolled without requiring users to sign in. Devices can be configured and prepared in advance, before distribution.
+
+For more information, see:
+
+- [Create groups in Intune for Education][EDU-1]
+- [Manually add or remove users and devices to an existing assigned group][EDU-2]
+- [Edit dynamic group rules to accommodate for new devices, locations, or school years][EDU-3]
+
+________________________________________________________
+
+## Next steps
+
+With the groups created, you can configure policies and applications to deploy to your groups.
+
+> [!div class="nextstepaction"]
+> [Next: Configure policies >](configure-device-settings.md)
+
+
+
+[EDU-1]: /intune-education/create-groups
+[EDU-2]: /intune-education/edit-groups-intune-for-edu
+[EDU-3]: /intune-education/edit-groups-intune-for-edu#edit-dynamic-group-rules
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/enroll-aadj.md b/education/windows/tutorial-school-deployment/enroll-aadj.md
new file mode 100644
index 0000000000..829124e264
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/enroll-aadj.md
@@ -0,0 +1,34 @@
+---
+title: Enrollment in Intune with standard out-of-box experience (OOBE)
+description: Learn how to join devices to Azure AD from OOBE and automatically get them enrolled in Intune.
+ms.date: 08/31/2022
+ms.topic: tutorial
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+# Automatic Intune enrollment via Azure AD join
+
+If you're setting up a Windows device individually, you can use the out-of-box experience to join it to your school's Azure Active Directory tenant, and automatically enroll it in Intune.
+With this process, no advance preparation is needed:
+
+1. Follow the on-screen prompts for region selection, keyboard selection, and network connection
+1. Wait for updates. If any updates are available, they'll be installed at this time
+ :::image type="content" source="./images/win11-oobe-updates.png" alt-text="Windows 11 OOBE - updates page" border="true":::
+1. When prompted, select **Set up for work or school** and authenticate using your school's Azure Active Directory account
+ :::image type="content" source="./images/win11-oobe-auth.png" alt-text="Windows 11 OOBE - authentication page" border="true":::
+1. The device will join Azure AD and automatically enroll in Intune. All settings defined in Intune will be applied to the device
+
+> [!IMPORTANT]
+> If you configured enrollment restrictions in Intune blocking personal Windows devices, this process will not complete. You will need to use a different enrollment method, or ensure that the devices are registered in Autopilot.
+
+:::image type="content" source="./images/win11-login-screen.png" alt-text="Windows 11 login screen" border="false":::
+
+________________________________________________________
+## Next steps
+
+With the devices joined to Azure AD tenant and managed by Intune, you can use Intune to maintain them and report on their status.
+
+> [!div class="nextstepaction"]
+> [Next: Manage devices >](manage-overview.md)
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/enroll-autopilot.md b/education/windows/tutorial-school-deployment/enroll-autopilot.md
new file mode 100644
index 0000000000..85c838b402
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/enroll-autopilot.md
@@ -0,0 +1,152 @@
+---
+title: Enrollment in Intune with Windows Autopilot
+description: Learn how to join Azure AD and enroll in Intune using Windows Autopilot.
+ms.date: 08/31/2022
+ms.topic: tutorial
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Windows Autopilot
+
+Windows Autopilot is designed to simplify all parts of Windows devices lifecycle, from initial deployment through end of life. Using cloud-based services, Windows Autopilot can reduce the overall costs for deploying, managing, and retiring devices.
+
+Traditionally, IT pros spend a significant amount of time building and customizing images that will later be deployed to devices. Windows Autopilot introduces a new, simplified approach. Devices don't need to be reimaged, rather they can be deployed with the OEM image, and customized using cloud-based services.
+
+From the user's perspective, it only takes a few simple operations to make their device ready to use. The only interaction required from the end user is to set their language and regional settings, connect to a network, and verify their credentials. Everything beyond that is automated.
+
+## Prerequisites
+
+Before setting up Windows Autopilot, consider these prerequisites:
+
+- **Software requirements.** Ensure your school and devices meet the [software, networking, licensing, and configuration requirements][WIN-1] for Windows Autopilot
+- **Devices ordered and registered.** Ensure your school IT administrator or Microsoft partner has ordered the devices from an original equipment manufacturer (OEM) and registered them for the Autopilot deployment service. To connect with a partner, you can use the [Microsoft Partner Center][MSFT-1] and work with them to register your devices
+- **Networking requirements.** Ensure students know to connect to the school network during OOBE setup. For more information on managing devices behind firewalls and proxy servers, see [Network endpoints for Microsoft Intune][MEM-1]
+
+> [!NOTE]
+> Where not explicitly specified, both HTTPS (443) and HTTP (80) must be accessible. If you are auto-enrolling your devices into Microsoft Intune or deploying Microsoft Office, follow the networking guidelines for [Microsoft Intune][INT-1] and [Microsoft 365][M365-1].
+
+## Register devices to Windows Autopilot
+
+Before deployment, devices must be registered in the Windows Autopilot service. Each device's unique hardware identity (known as a *hardware hash*) must be uploaded to the Autopilot service. In this way, the Autopilot service can recognize which tenant devices belong to, and which OOBE experience it should present. There are three main ways to register devices to Autopilot:
+
+- **OEM registration process.** When you purchase devices from an OEM or Reseller, that company can automatically register devices to Windows Autopilot and associate them to your tenant. Before this registration can happen, a *Global Administrator* must grant the OEM/Reseller permissions to register devices. For more information, see [OEM registration][MEM-2]
+ > [!NOTE]
+ > For **Microsoft Surface registration**, collect the details shown in this [documentation table][SURF-1] and follow the instruction to submit the request form to Microsoft Support.
+- **Cloud Solution Provider (CSP) registration process.** As with OEMs, CSP partners must be granted permission to register devices for a school. For more information, see [Partner registration][MEM-5]
+ > [!TIP]
+ > Try the Microsoft Partner Center clickable demo, which provides detailed steps to establish a partner relationship and register devices.
+- **Manual registration.** To manually register a device, you must first capture its hardware hash. Once this process has been completed, the hardware hash can be uploaded to the Windows Autopilot service using [Microsoft Intune][MEM-6]
+ > [!IMPORTANT]
+ > **Windows 11 SE** devices do not support the use of Windows PowerShell or Microsoft Configuration Manager to capture hardware hashes. Hardware hashes can only be captured manually. We recommend working with an OEM, partner, or device reseller to register devices.
+
+## Create groups for Autopilot devices
+
+**Windows Autopilot deployment profiles** determine the Autopilot *deployment mode* and define the out-of-box experience of your devices. A device group is required to assign a Windows Autopilot deployment profile to the devices.
+For this task, it's recommended to create dynamic device groups using Autopilot attributes.
+
+Here are the steps for creating a dynamic group for the devices that have an assigned Autopilot group tag:
+
+1. Sign in to the Intune for Education portal
+1. Select **Groups** > **Create group**
+1. Specify a **Group name** and select **Dynamic**
+1. Under **Rules**, select **I want to manage: Devices** and use the clause **Where: Device group tag starts with**, specifying the required tag value
+1. Select **Create group**
+ :::image type="content" source="./images/intune-education-autopilot-group.png" alt-text="Intune for Education - creation of a dynamic group for Autopilot devices" border="true":::
+
+More advanced dynamic membership rules can be created from Microsoft Endpoint Manager admin center. For more information, see [Create an Autopilot device group using Intune][MEM-3].
+
+> [!TIP]
+> You can use these dynamic groups not only to assign Autopilot profiles, but also to target applications and settings.
+
+## Create Autopilot deployment profiles
+
+For Autopilot devices to offer a customized OOBE experience, you must create **Windows Autopilot deployment profiles** and assign them to a group containing the devices.
+A deployment profile is a collection of settings that determine the behavior of the device during OOBE. Among other settings, a deployment profile specifies a **deployment mode**, which can either be:
+1. **User-driven:** devices with this profile are associated with the user enrolling the device. User credentials are required to complete the Azure AD join process during OOBE
+1. **Self-deploying:** devices with this profile aren't associated with the user enrolling the device. User credentials aren't required to complete the Azure AD join process. Rather, the device is joined automatically and, for this reason, specific hardware requirements must be met to use this mode.
+
+To create an Autopilot deployment profile:
+
+1. Sign in to the Intune for Education portal
+1. Select **Groups** > Select a group from the list
+1. Select **Windows device settings**
+1. Expand the **Enrolment** category
+1. From **Configure Autopilot deployment profile for device** select **User-driven**
+1. Ensure that **User account type** is configured as **Standard**
+1. Select **Save**
+
+While Intune for Education offers simple options for Autopilot configurations, more advanced deployment profiles can be created from Microsoft Endpoint Manager admin center. For more information, see [Windows Autopilot deployment profiles][MEM-4].
+
+### Configure an Enrollment Status Page
+
+An Enrollment Status Page (ESP) is a greeting page displayed to users while enrolling or signing in for the first time to Windows devices. The ESP displays provisioning progress, showing applications and profiles installation status.
+
+:::image type="content" source="./images/win11-oobe-esp.gif" alt-text="Windows OOBE - enrollment status page animation." border="false":::
+
+> [!NOTE]
+> Some Windows Autopilot deployment profiles **require** the ESP to be configured.
+
+To deploy the ESP to devices, you need to create an ESP profile in Microsoft Endpoint Manager.
+
+> [!TIP]
+> While testing the deployment process, you can configure the ESP to:
+> - allow the reset of the devices in case the installation fails
+> - allow the use of the device if installation error occurs
+>
+> This enables you to troubleshoot the installation process in case any issues arise and to easily reset the OS. You can turn these settings off once you are done testing.
+
+For more information, see [Set up the Enrollment Status Page][MEM-3].
+
+> [!CAUTION]
+> When targeting an ESP to **Windows 11 SE** devices, only applications included in the [approved app list][EDU-1] should part of the ESP configuration.
+
+### Autopilot end-user experience
+
+Once configuration is complete and devices are distributed, students and teachers are able to complete the out-of-box experience with Autopilot. They can set up their devices at home, at school, or wherever there's a reliable Internet connection.
+When a Windows device is turned on for the first time, the end-user experience with Windows Autopilot is as follows:
+
+1. Identify the language and region
+1. Select the keyboard layout and decide on the option for a second keyboard layout
+1. Connect to the internet: if connecting through Wi-Fi, the user will be prompted to connect to a wireless network. If the device is connected through an ethernet cable, Windows will skip this step
+1. Apply updates: the device will look for and apply required updates
+1. Windows will detect if the device has an Autopilot profile assigned to it. If so, it will proceed with the customized OOBE experience. If the Autopilot profile specifies a naming convention for the device, the device will be renamed, and a reboot will occur
+1. The user authenticates to Azure AD, using the school account
+1. The device joins Azure AD, enrolls in Intune and all the settings and applications are configured
+
+> [!NOTE]
+> Some of these steps may be skipped, depending on the Autopilot profile configuration and if the device is using a wired connection.
+
+:::image type="content" source="./images/win11-login-screen.png" alt-text="Windows 11 login screen" border="false":::
+
+________________________________________________________
+## Next steps
+
+With the devices joined to Azure AD tenant and managed by Intune, you can use Intune to maintain them and report on their status.
+
+> [!div class="nextstepaction"]
+> [Next: Manage devices >](manage-overview.md)
+
+
+
+[MEM-1]: /mem/intune/fundamentals/intune-endpoints
+[MEM-2]: /mem/autopilot/oem-registration
+[MEM-3]: /mem/autopilot/enrollment-autopilot#create-an-autopilot-device-group-using-intune
+[MEM-4]: /mem/autopilot/profiles
+[MEM-5]: /mem/autopilot/partner-registration
+[MEM-6]: /mem/autopilot/add-devices
+
+[WIN-1]: /windows/deployment/windows-autopilot/windows-autopilot-requirements
+
+[MSFT-1]: https://partner.microsoft.com/
+
+[INT-1]: /intune/network-bandwidth-use
+
+[M365-1]: https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2
+
+[EDU-1]: /education/windows/windows-11-se-overview
+[EDU-2]: /intune-education/windows-11-se-overview#windows-autopilot
+
+[SURF-1]: /surface/surface-autopilot-registration-support
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/enroll-overview.md b/education/windows/tutorial-school-deployment/enroll-overview.md
new file mode 100644
index 0000000000..52fb94bc7a
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/enroll-overview.md
@@ -0,0 +1,35 @@
+---
+title: Device enrollment overview
+description: Learn about the different options to enroll Windows devices in Microsoft Intune
+ms.date: 08/31/2022
+ms.topic: overview
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Device enrollment overview
+
+There are three main methods for joining Windows devices to Azure AD and getting them enrolled and managed by Intune:
+
+- **Automatic Intune enrollment via Azure AD join** happens when a user first turns on a device that is in out-of-box experience (OOBE), and selects the option to join Azure AD. In this scenario, the user can customize certain Windows functionalities before reaching the desktop, and becomes a local administrator of the device. This option isn't an ideal enrollment method for education devices
+- **Bulk enrollment with provisioning packages.** Provisioning packages are files that can be used to set up Windows devices, and can include information to connect to Wi-Fi networks and to join an Azure AD tenant. Provisioning packages can be created using either **Set Up School PCs** or **Windows Configuration Designer** applications. These files can be applied during or after the out-of-box experience
+- **Enrollment via Windows Autopilot.** Windows Autopilot is a collection of cloud services to configure the out-of-box experience, enabling light-touch or zero-touch deployment scenarios. Windows Autopilot simplifies the Windows device lifecycle, from initial deployment to end of life, for OEMs, resellers, IT administrators and end users
+
+## Choose the enrollment method
+
+**Windows Autopilot** and the **Set up School PCs** app are usually the most efficient options for school environments.
+This [table][INT-1] describes the ideal scenarios for using either option. It's recommended to review the table when planning your enrollment and deployment strategies.
+
+:::image type="content" source="./images/enroll.png" alt-text="The device lifecycle for Intune-managed devices - enrollment" border="false":::
+
+Select one of the following options to learn the next steps about the enrollment method you chose:
+> [!div class="op_single_selector"]
+> - [Automatic Intune enrollment via Azure AD join](enroll-aadj.md)
+> - [Bulk enrollment with provisioning packages](enroll-package.md)
+> - [Enroll devices with Windows Autopilot ](enroll-autopilot.md)
+
+
+
+[INT-1]: /intune-education/add-devices-windows#when-to-use-set-up-school-pcs-vs-windows-autopilot
diff --git a/education/windows/tutorial-school-deployment/enroll-package.md b/education/windows/tutorial-school-deployment/enroll-package.md
new file mode 100644
index 0000000000..2021ec3ff0
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/enroll-package.md
@@ -0,0 +1,68 @@
+---
+title: Enrollment of Windows devices with provisioning packages
+description: Learn about how to enroll Windows devices with provisioning packages using SUSPCs and Windows Configuration Designer.
+ms.date: 08/31/2022
+ms.topic: tutorial
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Enrollment with provisioning packages
+
+Enrolling devices with provisioning packages is an efficient way to deploy a large number of Windows devices. Some of the benefits of provisioning packages are:
+
+- There are no particular hardware dependencies on the devices to complete the enrollment process
+- Devices don't need to be registered in advance
+- Enrollment is a simple task: just open a provisioning package and the process is automated
+
+You can create provisioning packages using either **Set Up School PCs** or **Windows Configuration Designer** applications, which are described in the following sections.
+
+## Set up School PCs
+
+With Set up School PCs, you can create a package containing the most common device configurations that students need, and enroll devices in Intune. The package is saved on a USB stick, which can then be plugged into devices during OOBE. Applications and settings will be automatically applied to the devices, including the Azure AD join and Intune enrollment process.
+
+### Create a provisioning package
+
+The Set Up School PCs app guides you through configuration choices for school-owned devices.
+
+:::image type="content" source="./images/supcs-win11se.png" alt-text="Configure device settings in Set Up School PCs app" border="false":::
+
+> [!CAUTION]
+> If you are creating a provisioning package for **Windows 11 SE** devices, ensure to select the correct *OS version* in the *Configure device settings* page.
+
+Set Up School PCs will configure many settings, allowing you to optimize devices for shared use and other scenarios.
+
+For more information on prerequisites, configuration, and recommendations, see [Use the Set Up School PCs app][EDU-1].
+
+> [!TIP]
+> To learn more and practice with Set up School PCs, try the Set Up School PCs demo, which provides detailed steps to create a provisioning package and deploy a device.
+## Windows Configuration Designer
+
+Windows Configuration Designer is especially useful in scenarios where a school needs to provision packages for both bring-you-own devices and school-owned devices. Differently from Set Up School PCs, Windows Configuration Designer doesn't offer a guided experience, and allows granular customizations, including the possibility to embed scripts in the package.
+
+:::image type="content" source="./images/wcd.png" alt-text="Set up device page in Windows Configuration Designer" border="false":::
+
+For more information, see [Install Windows Configuration Designer][WIN-1], which provides details about the app, its provisioning process, and considerations for its use.
+
+## Enroll devices with the provisioning package
+
+To provision Windows devices with provisioning packages, insert the USB stick containing the package during the out-of-box experience. The devices will read the content of the package, join Azure AD and automatically enroll in Intune.
+All settings defined in the package and in Intune will be applied to the device, and the device will be ready to use.
+
+:::image type="content" source="./images/win11-oobe-ppkg.gif" alt-text="Windows 11 OOBE - enrollment with provisioning package animation." border="false":::
+
+________________________________________________________
+## Next steps
+
+With the devices joined to Azure AD tenant and managed by Intune, you can use Intune to maintain them and report on their status.
+
+> [!div class="nextstepaction"]
+> [Next: Manage devices >](manage-overview.md)
+
+
+
+[EDU-1]: /education/windows/use-set-up-school-pcs-app
+
+[WIN-1]: /windows/configuration/provisioning-packages/provisioning-install-icd
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/images/advanced-support.png b/education/windows/tutorial-school-deployment/images/advanced-support.png
new file mode 100644
index 0000000000..d7655d1616
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/advanced-support.png differ
diff --git a/education/windows/tutorial-school-deployment/images/configure.png b/education/windows/tutorial-school-deployment/images/configure.png
new file mode 100644
index 0000000000..6e3219a7cb
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/configure.png differ
diff --git a/education/windows/tutorial-school-deployment/images/device-lifecycle.png b/education/windows/tutorial-school-deployment/images/device-lifecycle.png
new file mode 100644
index 0000000000..ab14cdb9f0
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/device-lifecycle.png differ
diff --git a/education/windows/tutorial-school-deployment/images/dfci-profile-expanded.png b/education/windows/tutorial-school-deployment/images/dfci-profile-expanded.png
new file mode 100644
index 0000000000..3386f7673a
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/dfci-profile-expanded.png differ
diff --git a/education/windows/tutorial-school-deployment/images/dfci-profile.png b/education/windows/tutorial-school-deployment/images/dfci-profile.png
new file mode 100644
index 0000000000..d77dc06f3d
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/dfci-profile.png differ
diff --git a/education/windows/tutorial-school-deployment/images/enroll.png b/education/windows/tutorial-school-deployment/images/enroll.png
new file mode 100644
index 0000000000..352cda9509
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/enroll.png differ
diff --git a/education/windows/tutorial-school-deployment/images/enrollment-restrictions.png b/education/windows/tutorial-school-deployment/images/enrollment-restrictions.png
new file mode 100644
index 0000000000..69b22745a6
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/enrollment-restrictions.png differ
diff --git a/education/windows/tutorial-school-deployment/images/entra-assign-licenses.png b/education/windows/tutorial-school-deployment/images/entra-assign-licenses.png
new file mode 100644
index 0000000000..3f031053d5
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/entra-assign-licenses.png differ
diff --git a/education/windows/tutorial-school-deployment/images/entra-branding.png b/education/windows/tutorial-school-deployment/images/entra-branding.png
new file mode 100644
index 0000000000..7201c7386d
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/entra-branding.png differ
diff --git a/education/windows/tutorial-school-deployment/images/entra-device-settings.png b/education/windows/tutorial-school-deployment/images/entra-device-settings.png
new file mode 100644
index 0000000000..ef18b7391f
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/entra-device-settings.png differ
diff --git a/education/windows/tutorial-school-deployment/images/entra-tenant-name.png b/education/windows/tutorial-school-deployment/images/entra-tenant-name.png
new file mode 100644
index 0000000000..4cf21148d1
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/entra-tenant-name.png differ
diff --git a/education/windows/tutorial-school-deployment/images/i4e-autopilot-reset.png b/education/windows/tutorial-school-deployment/images/i4e-autopilot-reset.png
new file mode 100644
index 0000000000..69f9fb188a
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/i4e-autopilot-reset.png differ
diff --git a/education/windows/tutorial-school-deployment/images/i4e-factory-reset.png b/education/windows/tutorial-school-deployment/images/i4e-factory-reset.png
new file mode 100644
index 0000000000..5c1215f6d8
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/i4e-factory-reset.png differ
diff --git a/education/windows/tutorial-school-deployment/images/intune-diagnostics.png b/education/windows/tutorial-school-deployment/images/intune-diagnostics.png
new file mode 100644
index 0000000000..20b05ad9d7
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/intune-diagnostics.png differ
diff --git a/education/windows/tutorial-school-deployment/images/intune-education-apps.png b/education/windows/tutorial-school-deployment/images/intune-education-apps.png
new file mode 100644
index 0000000000..ca344cf5cf
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/intune-education-apps.png differ
diff --git a/education/windows/tutorial-school-deployment/images/intune-education-autopilot-group.png b/education/windows/tutorial-school-deployment/images/intune-education-autopilot-group.png
new file mode 100644
index 0000000000..75543684ca
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/intune-education-autopilot-group.png differ
diff --git a/education/windows/tutorial-school-deployment/images/intune-education-groups.png b/education/windows/tutorial-school-deployment/images/intune-education-groups.png
new file mode 100644
index 0000000000..87f4546e88
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/intune-education-groups.png differ
diff --git a/education/windows/tutorial-school-deployment/images/intune-education-portal.png b/education/windows/tutorial-school-deployment/images/intune-education-portal.png
new file mode 100644
index 0000000000..6bcc9f9375
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/intune-education-portal.png differ
diff --git a/education/windows/tutorial-school-deployment/images/inventory-reporting.png b/education/windows/tutorial-school-deployment/images/inventory-reporting.png
new file mode 100644
index 0000000000..39c904e205
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/inventory-reporting.png differ
diff --git a/education/windows/tutorial-school-deployment/images/m365-admin-center.png b/education/windows/tutorial-school-deployment/images/m365-admin-center.png
new file mode 100644
index 0000000000..d471b441dd
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/m365-admin-center.png differ
diff --git a/education/windows/tutorial-school-deployment/images/protect-manage.png b/education/windows/tutorial-school-deployment/images/protect-manage.png
new file mode 100644
index 0000000000..7ee7040a46
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/protect-manage.png differ
diff --git a/education/windows/tutorial-school-deployment/images/remote-actions.png b/education/windows/tutorial-school-deployment/images/remote-actions.png
new file mode 100644
index 0000000000..cfbd12f2da
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/remote-actions.png differ
diff --git a/education/windows/tutorial-school-deployment/images/retire.png b/education/windows/tutorial-school-deployment/images/retire.png
new file mode 100644
index 0000000000..c079cfeaac
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/retire.png differ
diff --git a/education/windows/tutorial-school-deployment/images/supcs-win11se.png b/education/windows/tutorial-school-deployment/images/supcs-win11se.png
new file mode 100644
index 0000000000..700ff6d87f
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/supcs-win11se.png differ
diff --git a/education/windows/tutorial-school-deployment/images/surface-management-portal-expanded.png b/education/windows/tutorial-school-deployment/images/surface-management-portal-expanded.png
new file mode 100644
index 0000000000..339bd90904
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/surface-management-portal-expanded.png differ
diff --git a/education/windows/tutorial-school-deployment/images/surface-management-portal.png b/education/windows/tutorial-school-deployment/images/surface-management-portal.png
new file mode 100644
index 0000000000..a1b7dd37ab
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/surface-management-portal.png differ
diff --git a/education/windows/tutorial-school-deployment/images/wcd.png b/education/windows/tutorial-school-deployment/images/wcd.png
new file mode 100644
index 0000000000..fba5be741f
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/wcd.png differ
diff --git a/education/windows/tutorial-school-deployment/images/whfb-disable.png b/education/windows/tutorial-school-deployment/images/whfb-disable.png
new file mode 100644
index 0000000000..97177965e3
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/whfb-disable.png differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-autopilot-reset.png b/education/windows/tutorial-school-deployment/images/win11-autopilot-reset.png
new file mode 100644
index 0000000000..0ec380619e
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-autopilot-reset.png differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-login-screen.png b/education/windows/tutorial-school-deployment/images/win11-login-screen.png
new file mode 100644
index 0000000000..438dda11bc
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-login-screen.png differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-oobe-auth.png b/education/windows/tutorial-school-deployment/images/win11-oobe-auth.png
new file mode 100644
index 0000000000..5ebb6a9f14
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-oobe-auth.png differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-oobe-esp.gif b/education/windows/tutorial-school-deployment/images/win11-oobe-esp.gif
new file mode 100644
index 0000000000..fa2e4c3aeb
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-oobe-esp.gif differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-oobe-ppkg.gif b/education/windows/tutorial-school-deployment/images/win11-oobe-ppkg.gif
new file mode 100644
index 0000000000..2defd5c1ce
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-oobe-ppkg.gif differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-oobe-updates.png b/education/windows/tutorial-school-deployment/images/win11-oobe-updates.png
new file mode 100644
index 0000000000..51bbc39c9f
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-oobe-updates.png differ
diff --git a/education/windows/tutorial-school-deployment/images/win11-wipe.png b/education/windows/tutorial-school-deployment/images/win11-wipe.png
new file mode 100644
index 0000000000..027afae172
Binary files /dev/null and b/education/windows/tutorial-school-deployment/images/win11-wipe.png differ
diff --git a/education/windows/tutorial-school-deployment/index.md b/education/windows/tutorial-school-deployment/index.md
new file mode 100644
index 0000000000..14f76929f4
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/index.md
@@ -0,0 +1,79 @@
+---
+title: Introduction to the tutorial deploy and manage Windows devices in a school
+description: Introduction to deployment and management of Windows devices in education environments.
+ms.date: 08/31/2022
+ms.topic: conceptual
+---
+
+# Tutorial: deploy and manage Windows devices in a school
+
+This guide introduces the tools and services available from Microsoft to deploy, configure and manage Windows devices in an education environment.
+
+## Audience and user requirements
+
+This tutorial is intended for education professionals responsible for deploying and managing Windows devices, including:
+
+- School leaders
+- IT administrators
+- Teachers
+- Microsoft partners
+
+This content provides a comprehensive path for schools to deploy and manage new Windows devices with Microsoft Intune. It includes step-by-step information how to manage devices throughout their lifecycle, and specific guidance for **Windows 11 SE** and **Surface devices**.
+
+> [!NOTE]
+> Depending on your school setup scenario, you may not need to implement all steps.
+
+## Device lifecycle management
+
+Historically, school IT administrators and educators have struggled to find an easy-to-use, flexible, and secure way to manage the lifecycle of the devices in their schools. In response, Microsoft has developed integrated suites of products for streamlined, cost-effective device lifecycle management.
+
+Microsoft 365 Education provides tools and services that enable simplified management of all devices through Microsoft Endpoint Manager (MEM). With Microsoft's solutions, IT administrators have the flexibility to support diverse scenarios, including school-owned devices and bring-your-own devices.
+Microsoft Endpoint Manager services include:
+
+- [Microsoft Intune][MEM-1]
+- [Microsoft Intune for Education][INT-1]
+- [Configuration Manager][MEM-2]
+- [Desktop Analytics][MEM-3]
+- [Windows Autopilot][MEM-4]
+- [Surface Management Portal][MEM-5]
+
+These services are part of the Microsoft 365 stack to help secure access, protect data, and manage risk.
+
+## Why Intune for Education?
+
+Windows devices can be managed with Intune for Education, enabling simplified management of multiple devices from a single point.
+From enrollment, through configuration and protection, to resetting, Intune for Education helps school IT administrators manage and optimize the devices throughout their lifecycle:
+
+:::image type="content" source="./images/device-lifecycle.png" alt-text="The device lifecycle for Intune-managed devices" border="false":::
+
+- **Enroll:** to enable remote device management, devices must be enrolled in Intune with an account in your Azure AD tenant. Some enrollment methods require an IT administrator to initiate enrollment, while others require students to complete the initial device setup process. This document discusses the facets of various device enrollment methodologies
+- **Configure:** once the devices are enrolled in Intune, applications and settings will be applied, as defined by the IT administrator
+- **Protect and manage:** in addition to its configuration capabilities, Intune for Education helps protect devices from unauthorized access or malicious attacks. For example, adding an extra layer of authentication with Windows Hello can make devices more secure. Policies are available that let you control settings for Windows Firewall, Endpoint Protection, and software updates
+- **Retire:** when it's time to repurpose a device, Intune for Education offers several options, including resetting the device, removing it from management, or wiping school data. In this document, we cover different device return and exchange scenarios
+
+## Four pillars of modern device management
+
+In the remainder of this document, we'll discuss the key concepts and benefits of modern device management with Microsoft 365 solutions for education. The guidance is organized around the four main pillars of modern device management:
+
+- **Identity management:** setting up and configuring the identity system, with Microsoft 365 Education and Azure Active Directory, as the foundation for user identity and authentication
+- **Initial setup:** setting up the Intune for Education environment for managing devices, including configuring settings, deploying applications, and defining updates cadence
+- **Device enrollment:** Setting up Windows devices for deployment and enrolling them in Intune for Education
+- **Device reset:** Resetting managed devices with Intune for Education
+
+________________________________________________________
+## Next steps
+
+Let's begin with the creation and configuration of your Azure AD tenant and Intune environment.
+
+> [!div class="nextstepaction"]
+> [Next: Set up Azure Active Directory >](set-up-azure-ad.md)
+
+
+
+[MEM-1]: /mem/intune/fundamentals/what-is-intune
+[MEM-2]: /mem/configmgr/core/understand/introduction
+[MEM-3]: /mem/configmgr/desktop-analytics/overview
+[MEM-4]: /mem/autopilot/windows-autopilot
+[MEM-5]: /mem/autopilot/dfci-management
+
+[INT-1]: /intune-education/what-is-intune-for-education
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/manage-overview.md b/education/windows/tutorial-school-deployment/manage-overview.md
new file mode 100644
index 0000000000..db77a8606f
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/manage-overview.md
@@ -0,0 +1,63 @@
+---
+title: Manage devices with Microsoft Intune
+description: Overview of device management capabilities in Intune for Education, including remote actions, remote assistance and inventory/reporting.
+ms.date: 08/31/2022
+ms.topic: tutorial
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Manage devices with Microsoft Intune
+
+Microsoft Intune offers a streamlined remote device management experience throughout the school year. IT administrators can optimize device settings, deploy new applications, updates, ensuring that security and privacy are maintained.
+
+:::image type="content" source="./images/protect-manage.png" alt-text="The device lifecycle for Intune-managed devices - protect and manage devices" border="false":::
+
+## Remote device management
+
+With Intune for Education, there are several ways to manage students' devices. Groups can be created to organize devices and students, to facilitate remote management. You can determine which applications students have access to, and fine tune device settings and restrictions. You can also monitor which devices students sign in to, and troubleshoot devices remotely.
+
+### Remote actions
+
+Intune fo Education allows you to perform actions on devices without having to sign in to the devices. For example, you can send a command to a device to restart or to turn off, or you can locate a device.
+
+:::image type="content" source="./images/remote-actions.png" alt-text="Remote actions available in Intune for Education when selecting a Windows device" lightbox="./images/remote-actions.png" border="true":::
+
+With bulk actions, remote actions can be performed on multiple devices at once.
+
+To learn more about remote actions in Intune for Education, see [Remote actions][EDU-1].
+
+## Remote assistance
+
+With devices managed by Intune for Education, you can remotely assist students and teachers that are having issues with their devices.
+
+For more information, see [Remote assistance for managed devices - Intune for Education][EDU-2].
+
+## Device inventory and reporting
+
+With Intune for Education, it's possible view and report on current devices, applications, settings, and overall health. You can also download reports to review or share offline.
+
+Here are the steps for generating reports in Intune for Education:
+
+1. Sign in to the Intune for Education portal
+1. Select **Reports**
+1. Select between one of the report types:
+ - Device inventory
+ - Device actions
+ - Application inventory
+ - Settings errors
+ - Windows Defender
+ - Autopilot deployment
+1. If needed, use the search box to find specific devices, applications, and settings
+1. To download a report, select **Download**. The report will download as a comma-separated value (CSV) file, which you can view and modify in a spreadsheet app like Microsoft Excel.
+ :::image type="content" source="./images/inventory-reporting.png" alt-text="Reporting options available in Intune for Education when selecting the reports blade" border="true":::
+
+To learn more about reports in Intune for Education, see [Reports in Intune for Education][EDU-3].
+
+
+
+[EDU-1]: /intune-education/edu-device-remote-actions
+[EDU-2]: /intune-education/remote-assist-mobile-devices
+[EDU-3]: /intune-education/what-are-reports
diff --git a/education/windows/tutorial-school-deployment/manage-surface-devices.md b/education/windows/tutorial-school-deployment/manage-surface-devices.md
new file mode 100644
index 0000000000..7b888d8adb
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/manage-surface-devices.md
@@ -0,0 +1,46 @@
+---
+title: Management functionalities for Surface devices
+description: Learn about the management capabilities offered to Surface devices, including firmware management and the Surface Management Portal.
+ms.date: 08/31/2022
+ms.topic: tutorial
+appliesto:
+- ✅ Surface devices
+---
+
+# Management functionalities for Surface devices
+
+Microsoft Surface devices offer many advanced management functionalities, including the possibility to manage firmware settings and a web portal designed for them.
+
+## Manage device firmware for Surface devices
+
+Surface devices use a Unified Extensible Firmware Interface (UEFI) setting that allows you to enable or disable built-in hardware components, protect UEFI settings from being changed, and adjust device boot configuration. With [Device Firmware Configuration Interface profiles built into Intune][INT-1], Surface UEFI management extends the modern management capabilities to the hardware level. Windows can pass management commands from Intune to UEFI for Autopilot-deployed devices.
+
+DFCI supports zero-touch provisioning, eliminates BIOS passwords, and provides control of security settings for boot options, cameras and microphones, built-in peripherals, and more. For more information, see [Manage DFCI on Surface devices][SURF-1] and [Manage DFCI with Windows Autopilot][MEM-1], which includes a list of requirements to use DFCI.
+
+:::image type="content" source="./images/dfci-profile.png" alt-text="Creation of a DFCI profile from Microsoft Endpoint Manager" lightbox="./images/dfci-profile-expanded.png" border="true":::
+
+## Microsoft Surface Management Portal
+
+Located in the Microsoft Endpoint Manager admin center, the Microsoft Surface Management Portal enables you to self-serve, manage, and monitor your school's Intune-managed Surface devices at scale. Get insights into device compliance, support activity, warranty coverage, and more.
+
+When Surface devices are enrolled in cloud management and users sign in for the first time, information automatically flows into the Surface Management Portal, giving you a single pane of glass for Surface-specific administration activities.
+
+To access and use the Surface Management Portal:
+
+1. Sign in to Microsoft Endpoint Manager admin center
+1. Select **All services** > **Surface Management Portal**
+ :::image type="content" source="./images/surface-management-portal.png" alt-text="Surface Management Portal within Microsoft Endpoint Manager" lightbox="./images/surface-management-portal-expanded.png" border="true":::
+1. To obtain insights for all your Surface devices, select **Monitor**
+ - Devices that are out of compliance or not registered, have critically low storage, require updates, or are currently inactive, are listed here
+1. To obtain details on each insights category, select **View report**
+ - This dashboard displays diagnostic information that you can customize and export
+1. To obtain the device's warranty information, select **Device warranty and coverage**
+1. To review a list of support requests and their status, select **Support requests**
+
+
+
+[INT-1]: /intune/configuration/device-firmware-configuration-interface-windows
+
+[MEM-1]: /mem/autopilot/dfci-management
+
+[SURF-1]: /surface/surface-manage-dfci-guide
diff --git a/education/windows/tutorial-school-deployment/reset-wipe.md b/education/windows/tutorial-school-deployment/reset-wipe.md
new file mode 100644
index 0000000000..7a404f7ecf
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/reset-wipe.md
@@ -0,0 +1,114 @@
+---
+title: Reset and wipe Windows devices
+description: Learn about the reset and wipe options for Windows devices using Intune for Education, including scenarios when to delete devices.
+ms.date: 08/31/2022
+ms.topic: tutorial
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Device reset options
+
+There are different scenarios that require a device to be reset, for example:
+
+- The device isn't responding to commands
+- The device is lost or stolen
+- It's the end of the life of the device
+- It's the end of the school year and you want to prepare the device for a new school year
+- The device has hardware problems and you want to send it to the service center
+
+:::image type="content" source="./images/retire.png" alt-text="The device lifecycle for Intune-managed devices - retirement" border="false":::
+
+Intune for Education provides two device reset functionalities that enable IT administrators to remotely execute them:
+
+- **Factory reset** (also known as **wipe**) is used to wipe all data and settings from the device, returning it to the default factory settings
+- **Autopilot reset** is used to return the device to a fully configured or known IT-approved state
+
+## Factory reset (wipe)
+
+A factory reset, or a wipe, reverts a device to the original settings when it was purchased. All settings, applications and data installed on the device after purchase are removed. The device is also removed from Intune management.
+
+Once the wipe is completed, the device will be in out-of-box experience.
+
+Here are the steps to perform a factory reset from Intune for Education:
+
+1. Sign in to the Intune for Education portal
+1. Select **Devices**
+1. Select the device you want to reset > **Factory reset**
+1. Select **Factory reset** to confirm the action
+
+:::image type="content" source="./images/win11-wipe.png" alt-text="Three screenshots showing the device being wiped, ending up in OOBE" lightbox="./images/win11-wipe.png" border="false":::
+
+Consider using factory reset in the following example scenarios:
+
+- The device isn't working properly, and you want to reset it without reimaging it
+- It's the end of school year and you want to prepare the device for a new school year
+- You need to reassign the device to a different student, and you want to reset the device to its original settings
+- You're returning a device to the service center, and you want to remove all data and settings from the device
+
+> [!TIP]
+> Consider that once the device is wiped, the new user will go through OOBE. This option may be ideal if the device is also registered in Autopilot to make the OOBE experience seamless, or if you plan to use a provisioning package to re-enroll the device.
+
+## Autopilot Reset
+
+Autopilot Reset is ideal when all data on a device needs to be wiped, but the device remains enrolled in your tenant.
+
+Once the Autopilot reset action is completed, the device will ask to chose region and keyboard layout, then it will display the sign-in screen.
+
+Here are the steps to perform an Autopilot reset from Intune for Education:
+
+1. Sign in to the Intune for Education portal
+1. Select **Devices**
+1. Select the device you want to reset > **Autopilot reset**
+1. Select **Autopilot reset** to confirm the action
+
+:::image type="content" source="./images/win11-autopilot-reset.png" alt-text="Three screenshots showing the device being wiped, ending up in the login screen" border="false":::
+
+Consider using Autopilot reset in the following example scenarios:
+
+- The device isn't working properly, and you want to reset it without reimaging it
+- It's the end of school year and you want to prepare the device for a new school year
+- You need to reassign the device to a different student, and you want to reset the device to without requiring the student to go through OOBE
+
+> [!TIP]
+> Consider that the end user will **not** go through OOBE, and the association of the user to the device in Intune doesn't change. For this reason, this option may be ideal for devices that have been enrolled in Intune as *shared devices* (for example, a device that was enrolled with a provisioning package or using Autopilot self-deploying mode).
+
+## Wiping and deleting a device
+
+There are scenarios that require a device to be deleted from your tenant, for example:
+
+- The device is lost or stolen
+- It's the end of the life of the device
+- The device has been replaced with a new device or has its motherboard replaced
+
+> [!IMPORTANT]
+> The following actions should only be performed for devices that are no longer going to be used in your tenant.
+
+ To completely remove a device, you need to perform the following actions:
+
+1. If possible, perform a **factory reset (wipe)** of the device. If the device can't be wiped, delete the device from Intune using [these steps][MEM-1]
+1. If the device is registered in Autopilot, delete the Autopilot object using [these steps][MEM-2]
+1. Delete the device from Azure Active Directory using [these steps][MEM-3]
+
+## Autopilot considerations for a motherboard replacement scenario
+
+Repairing Autopilot-enrolled devices can be complex, as OEM requirements must be balanced with Autopilot requirements. If a motherboard replacement is needed on an Autopilot device, it's suggested the following process:
+
+1. Deregister the device from Autopilot
+1. Replace the motherboard
+1. Capture a new device ID (4K HH)
+1. Re-register the device with Autopilot
+ > [!IMPORTANT]
+ > For DFCI management, the device must be re-registered by a partner or OEM. Self-registration of devices is not supported with DFCI management.
+1. Reset the device
+1. Return the device
+
+For more information, see [Autopilot motherboard replacement scenario guidance][MEM-4].
+
+
+[MEM-1]: /mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-portal
+[MEM-2]: /mem/intune/remote-actions/devices-wipe#delete-devices-from-the-intune-portal
+[MEM-3]: /mem/intune/remote-actions/devices-wipe#delete-devices-from-the-azure-active-directory-portal
+[MEM-4]: /mem/autopilot/autopilot-mbr
diff --git a/education/windows/tutorial-school-deployment/set-up-azure-ad.md b/education/windows/tutorial-school-deployment/set-up-azure-ad.md
new file mode 100644
index 0000000000..d27616f71e
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/set-up-azure-ad.md
@@ -0,0 +1,170 @@
+---
+title: Set up Azure Active Directory
+description: Learn how to create and prepare your Azure AD tenant for an education environment.
+ms.date: 08/31/2022
+ms.topic: tutorial
+---
+
+# Set up Azure Active Directory
+
+The Microsoft platform for education simplifies the management of Windows devices with Intune for Education and Microsoft 365 Education. The first, fundamental step, is to configure the identity infrastructure to manage user access and permissions for your school.
+
+Azure Active Directory (Azure AD), which is included with the Microsoft 365 Education subscription, provides authentication and authorization to any Microsoft cloud services. Identity objects are defined in Azure AD for human identities, like students and teachers, as well as non-human identities, like devices, services, and applications. Once users get Microsoft 365 licenses assigned, they'll be able to consume services and access resources within the tenant. With Microsoft 365 Education, you can manage identities for your teachers and students, assign licenses to devices and users, and create groups for the classrooms.
+
+In this section you will:
+> [!div class="checklist"]
+> * Set up a Microsoft 365 Education tenant
+> * Add users, create groups, and assign licenses
+> * Configure school branding
+> * Enable bulk enrollment
+
+## Create a Microsoft 365 tenant
+
+If you don't already have a Microsoft 365 tenant, you'll need to create one.
+
+For more information, see [Create your Office 365 tenant account][M365-1]
+
+> [!TIP]
+> To learn more, and practice how to configure the Microsoft 365 tenant for your school, try this interactive demo.
+### Explore the Microsoft 365 admin center
+
+The **Microsoft 365 admin center** is the hub for all administrative consoles for the Microsoft 365 cloud. To access the Microsoft Entra admin center, sign in with the same global administrator account when you [created the Microsoft 365 tenant](#create-a-microsoft-365-tenant).
+
+From the Microsoft 365 admin center, you can access different administrative dashboards: Azure Active Directory, Microsoft Endpoint Manager, Intune for Education, and others:
+
+:::image type="content" source="./images/m365-admin-center.png" alt-text="*All admin centers* page in *Microsoft 365 admin center*" lightbox="./images/m365-admin-center.png" border="true":::
+
+For more information, see [Overview of the Microsoft 365 admin center][M365-2].
+
+> [!NOTE]
+> Setting up your school's basic cloud infrastructure does not require you to complete the rest of the Microsoft 365 setup. For this reason, we will skip directly to adding students and teachers as users in the Microsoft 365 tenant.
+
+## Add users, create groups, and assign licenses
+
+With the Microsoft 365 tenant in place, it's time to add users, create groups, and assign licenses. All students and teachers need a user account before they can sign in and access the different Microsoft 365 services. There are multiple ways to do this, including using School Data Sync (SDS), synchronizing an on-premises Active Directory, manually, or a combination of the above.
+
+> [!NOTE]
+> Synchronizing your Student Information System (SIS) with School Data Sync is the preferred way to create students and teachers as users in a Microsoft 365 Education tenant. However, if you want to integrate an on-premises directory and synchronize accounts to the cloud, skip to [Azure Active Directory sync](#azure-active-directory-sync) below.
+
+### School Data Sync
+
+School Data Sync (SDS) imports and synchronizes SIS data to create classes in Microsoft 365, such as Microsoft 365 groups and class teams in Microsoft Teams. SDS can be used to create new, cloud-only, identities or to evolve existing identities. Users evolve into *students* or *teachers* and are associated with a *grade*, *school*, and other education-specific attributes.
+
+For more information, see [Overview of School Data Sync][SDS-1].
+
+> [!TIP]
+> To learn more and practice with School Data Sync, follow the Microsoft School Data Sync demo, which provides detailed steps to access, configure, and deploy School Data Sync in your Microsoft 365 Education tenant.
+
+> [!NOTE]
+> You can perform a test deployment by cloning or downloading sample SDS CSV school data from the [O365-EDU-Tools GitHub site](https://github.com/OfficeDev/O365-EDU-Tools).
+>
+> Remember that you should typically deploy test SDS data (users, groups, and so on) in a separate test tenant, not your school production environment.
+
+### Azure Active Directory sync
+
+To integrate an on-premises directory with Azure Active Directory, you can use **Microsoft Azure Active Directory Connect** to synchronize users, groups, and other objects. Azure AD Connect lets you configure the authentication method appropriate for your school, including:
+
+- [Password hash synchronization][AAD-1]
+- [Pass-through authentication][AAD-2]
+- [Federated authentication][AAD-3]
+
+For more information, see [Set up directory synchronization for Microsoft 365][O365-1].
+
+### Create users manually
+
+In addition to the above methods, you can manually add users and groups, and assign licenses through the Microsoft 365 admin center.
+
+There are two options for adding users manually, either individually or in bulk:
+
+1. To add students and teachers as users in Microsoft 365 Education *individually*:
+ - Sign in to the Microsoft Entra admin center
+ - Select **Azure Active Directory** > **Users** > **All users** > **New user** > **Create new user**
+ For more information, see [Add users and assign licenses at the same time][M365-3].
+1. To add *multiple* users to Microsoft 365 Education:
+ - Sign in to the Microsoft Entra admin center
+ - Select **Azure Active Directory** > **Users** > **All users** > **Bulk operations** > **Bulk create**
+
+For more information, see [Add multiple users in the Microsoft 365 admin center][M365-4].
+### Create groups
+
+Creating groups is important to simplify multiple tasks, like assigning licenses, delegating administration, deploy settings, applications or to distribute assignments to students. To create groups:
+
+1. Sign in to the Microsoft Entra admin center
+1. Select **Azure Active Directory** > **Groups** > **All groups** > **New group**
+1. On the **New group** page, select **Group type** > **Security**
+1. Provide a group name and add members, as needed
+1. Select **Next**
+
+For more information, see [Create a group in the Microsoft 365 admin center][M365-5].
+
+### Assign licenses
+
+The recommended way to assign licenses is through group-based licensing. With this method, Azure AD ensures that licenses are assigned to all members of the group. Any new members who join the group are assigned the appropriate licenses, and when members leave, their licenses are removed.
+
+To assign a license to a group:
+
+1. Sign in to the Microsoft Entra admin center
+1. Select **Azure Active Directory** > **Show More** > **Billing** > **Licenses**
+1. Select the required products that you want to assign licenses for > **Assign**
+1. Add the groups to which the licenses should be assigned
+
+ :::image type="content" source="images/entra-assign-licenses.png" alt-text="Assign licenses from Microsoft Entra admin center." lightbox="images/entra-assign-licenses.png":::
+
+For more information, see [Group-based licensing using Azure AD admin center][AAD-4].
+
+## Configure school branding
+
+Configuring your school branding enables a more familiar Autopilot experience to students and teachers. With a custom school branding, you can define a custom logo and a welcome message, which will appear during the Windows out-of-box experience.
+
+To configure your school's branding:
+
+1. Sign in to the Microsoft Entra admin center
+1. Select **Azure Active Directory** > **Show More** > **User experiences** > **Company branding**
+1. You can specify brand settings like background image, logo, username hint and a sign-in page text
+ :::image type="content" source="images/entra-branding.png" alt-text="Configure Azure AD branding from Microsoft Entra admin center." lightbox="images/entra-branding.png":::
+1. To adjust the school tenant's name displayed during OOBE, select **Azure Active Directory** > **Overview** > **Properties**
+1. In the **Name** field, enter the school district or organization's name > **Save**
+ :::image type="content" alt-text="Configure Azure AD tenant name from Microsoft Entra admin center." source="images/entra-tenant-name.png" lightbox="images/entra-tenant-name.png":::
+
+For more information, see [Add branding to your directory][AAD-5].
+
+## Enable bulk enrollment
+
+If you decide to enroll Windows devices using provisioning packages instead of Windows Autopilot, you must ensure that the provisioning packages can join Windows devices to the Azure AD tenant.
+
+To allow provisioning packages to complete the Azure AD Join process:
+
+1. Sign in to the Microsoft Entra admin center
+1. Select **Azure Active Directory** > **Devices** > **Device Settings**
+1. Under **Users may join devices to Azure AD**, select **All**
+ > [!NOTE]
+ > If it is required that only specific users can join devices to Azure AD, select **Selected**. Ensure that the user account that will create provisioning packages is included in the list of users.
+1. Select Save
+ :::image type="content" source="images/entra-device-settings.png" alt-text="Configure device settings from Microsoft Entra admin center." lightbox="images/entra-device-settings.png":::
+
+________________________________________________________
+
+## Next steps
+
+With users and groups created, and licensed for Microsoft 365 Education, you can now configure Microsoft Intune.
+
+> [!div class="nextstepaction"]
+> [Next: Set up Microsoft Intune >](set-up-microsoft-intune.md)
+
+
+
+[AAD-1]: /azure/active-directory/hybrid/whatis-phs
+[AAD-2]: /azure/active-directory/hybrid/how-to-connect-pta
+[AAD-3]: /azure/active-directory/hybrid/how-to-connect-fed-whatis
+[AAD-4]: /azure/active-directory/enterprise-users/licensing-groups-assign
+[AAD-5]: /azure/active-directory/fundamentals/customize-branding
+
+[M365-1]: /microsoft-365/education/deploy/create-your-office-365-tenant
+[M365-2]: /microsoft-365/admin/admin-overview/admin-center-overview
+[M365-3]: /microsoft-365/admin/add-users/add-users
+[M365-4]: /microsoft-365/enterprise/add-several-users-at-the-same-time
+[M365-5]: /microsoft-365/admin/create-groups/create-groups
+
+[O365-1]: /office365/enterprise/set-up-directory-synchronization
+
+[SDS-1]: /schooldatasync/overview-of-school-data-sync
diff --git a/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md b/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md
new file mode 100644
index 0000000000..f4d3b44e2e
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md
@@ -0,0 +1,95 @@
+---
+title: Set up device management
+description: Learn how to configure the Intune service and set up the environment for education.
+ms.date: 08/31/2022
+ms.topic: tutorial
+---
+
+# Set up Microsoft Intune
+
+Without the proper tools and resources, managing hundreds or thousands of devices in a school environment can be a complex and time-consuming task. Microsoft Endpoint Manager provides a collection of services that simplifies the management of devices at scale.
+
+Microsoft Intune is one of the services provided by Microsoft Endpoint Manager. The Microsoft Intune service can be managed in different ways, and one of them is **Intune for Education**, a web portal designed for education environments.
+
+:::image type="content" source="./images/intune-education-portal.png" alt-text="Intune for Education dashboard" lightbox="./images/intune-education-portal.png" border="true":::
+
+**Intune for Education** supports the entire device lifecycle, from the enrollment phase through retirement. IT administrators can start managing classroom devices with bulk enrollment options and a streamlined deployment. At the end of the school year, IT admins can reset devices, ensuring they're ready for the next year.
+
+For more information, see [Intune for Education documentation][INT-1].
+
+In this section you will:
+> [!div class="checklist"]
+> * Review Intune's licensing prerequisites
+> * Configure the Intune service for education devices
+
+## Prerequisites
+
+Before configuring settings with Intune for Education, consider the following prerequisites:
+
+- **Intune subscription.** Microsoft Intune is licensed in three ways:
+ - As a standalone service
+ - As part of [Enterprise Mobility + Security][MSFT-1]
+ - As part of a [Microsoft 365 Education subscription][MSFT-2]
+- **Device platform.** Intune for Education can manage devices running a supported version of Windows 10, Windows 11, Windows 11 SE, iOS, and iPad OS
+
+For more information, see [Intune licensing][MEM-1] and [this comparison sheet][MSFT-3], which includes a table detailing the *Microsoft Modern Work Plan for Education*.
+
+## Configure the Intune service for education devices
+
+The Intune service can be configured in different ways, depending on the needs of your school. In this section, you'll configure the Intune service using settings commonly implemented by K-12 school districts.
+
+### Configure enrollment restrictions
+
+With enrollment restrictions, you can prevent certain types of devices from being enrolled and therefore managed by Intune. For example, you can prevent the enrollment of devices that are not owned by the school.
+
+To block personally owned Windows devices from enrolling:
+
+1. Sign in to the Microsoft Endpoint Manager admin center
+1. Select **Devices** > **Enroll devices** > **Enrollment device platform restrictions**
+1. Select the **Windows restrictions** tab
+1. Select **Create restriction**
+1. On the **Basics** page, provide a name for the restriction and, optionally, a description > **Next**
+1. On the **Platform settings** page, in the **Personally owned devices** field, select **Block** > **Next**
+ :::image type="content" source="./images/enrollment-restrictions.png" alt-text="Device enrollment restriction page in Microsoft Endpoint Manager admin center" lightbox="./images/enrollment-restrictions.png" border="true":::
+1. Optionally, on the **Scope tags** page, add scope tags > **Next**
+1. On the **Assignments** page, select **Add groups**, and then use the search box to find and choose groups to which you want to apply the restriction > **Next**
+1. On the **Review + create** page, select **Create** to save the restriction
+
+For more information, see [Create a device platform restriction][MEM-2].
+
+### Disable Windows Hello for Business
+
+Windows Hello for Business is a biometric authentication feature that allows users to sign in to their devices using a PIN, password, or fingerprint. Windows Hello for Business is enabled by default on Windows devices, and to set it up, users must perform for multi-factor authentication (MFA). As a result, this feature may not be ideal for students, who may not have MFA enabled.
+It's suggested to disable Windows Hello for Business on Windows devices at the tenant level, and enabling it only for devices that need it, for example for teachers and staff devices.
+To disable Windows Hello for Business at the tenant level:
+
+1. Sign in to the Microsoft Endpoint Manager admin center
+1. Select **Devices** > **Windows** > **Windows Enrollment**
+1. Select **Windows Hello for Business**
+1. Ensure that **Configure Windows Hello for Business** is set to **disabled**
+1. Select **Save**
+
+:::image type="content" source="./images/whfb-disable.png" alt-text="Disablement of Windows Hello for Business from Microsoft Endpoint Manager admin center." border="true" lightbox="./images/whfb-disable.png":::
+
+For more information how to enable Windows Hello for Business on specific devices, see [Create a Windows Hello for Business policy][MEM-4].
+
+________________________________________________________
+
+## Next steps
+
+With the Intune service configured, you can configure policies and applications in preparation to the deployment of students' and teachers' devices.
+
+> [!div class="nextstepaction"]
+> [Next: Configure devices >](configure-devices-overview.md)
+
+
+
+[MEM-1]: /mem/intune/fundamentals/licenses
+[MEM-2]: /mem/intune/enrollment/enrollment-restrictions-set
+[MEM-4]: /mem/intune/protect/windows-hello#create-a-windows-hello-for-business-policy
+
+[INT-1]: /intune-education/what-is-intune-for-education
+
+[MSFT-1]: https://www.microsoft.com/microsoft-365/enterprise-mobility-security
+[MSFT-2]: https://www.microsoft.com/licensing/product-licensing/microsoft-365-education
+[MSFT-3]: https://edudownloads.azureedge.net/msdownloads/Microsoft-Modern-Work-Plan-Comparison-Education_11-2021.pdf
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/toc.yml b/education/windows/tutorial-school-deployment/toc.yml
new file mode 100644
index 0000000000..294e70dc20
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/toc.yml
@@ -0,0 +1,38 @@
+items:
+ - name: Introduction
+ href: index.md
+ - name: 1. Prepare your tenant
+ items:
+ - name: Set up Azure Active Directory
+ href: set-up-azure-ad.md
+ - name: Set up Microsoft Intune
+ href: set-up-microsoft-intune.md
+ - name: 2. Configure settings and applications
+ items:
+ - name: Overview
+ href: configure-devices-overview.md
+ - name: Configure policies
+ href: configure-device-settings.md
+ - name: Configure applications
+ href: configure-device-apps.md
+ - name: 3. Deploy devices
+ items:
+ - name: Overview
+ href: enroll-overview.md
+ - name: Enroll devices via Azure AD join
+ href: enroll-aadj.md
+ - name: Enroll devices with provisioning packages
+ href: enroll-package.md
+ - name: Enroll devices with Windows Autopilot
+ href: enroll-autopilot.md
+ - name: 4. Manage devices
+ items:
+ - name: Overview
+ href: manage-overview.md
+ - name: Management functionalities for Surface devices
+ href: manage-surface-devices.md
+ - name: Reset and wipe devices
+ href: reset-wipe.md
+ - name: 5. Troubleshoot and get help
+ href: troubleshoot-overview.md
+
diff --git a/education/windows/tutorial-school-deployment/troubleshoot-overview.md b/education/windows/tutorial-school-deployment/troubleshoot-overview.md
new file mode 100644
index 0000000000..1bf462b5f7
--- /dev/null
+++ b/education/windows/tutorial-school-deployment/troubleshoot-overview.md
@@ -0,0 +1,60 @@
+---
+title: Troubleshoot Windows devices
+description: Learn how to troubleshoot Windows devices from Intune and contact Microsoft Support for issues related to Intune and other Endpoint Manager services.
+ms.date: 08/31/2022
+ms.topic: tutorial
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows 11 SE
+---
+
+# Troubleshoot Windows devices
+
+Microsoft Endpoint Manager provides many tools that can help you troubleshoot Windows devices.
+Here's a collection of resources to help you troubleshoot Windows devices managed by Intune:
+
+- [Troubleshooting device enrollment in Intune][MEM-2]
+- [Troubleshooting Windows Autopilot][MEM-9]
+- [Troubleshoot Windows Wi-Fi profiles][MEM-6]
+- [Troubleshooting policies and profiles in Microsoft Intune][MEM-5]
+- [Troubleshooting BitLocker with the Intune encryption report][MEM-4]
+- [Troubleshooting CSP custom settings][MEM-8]
+- [Troubleshooting Win32 app installations with Intune][MEM-7]
+- [Troubleshooting device actions in Intune][MEM-3]
+- [**Collect diagnostics**][MEM-10] is a remote action that lets you collect and download Windows device logs without interrupting the user
+ :::image type="content" source="./images/intune-diagnostics.png" alt-text="Intune for Education dashboard" lightbox="./images/intune-diagnostics.png" border="true":::
+
+## How to contact Microsoft Support
+
+Microsoft provides global technical, pre-sales, billing, and subscription support for cloud-based device management services. This support includes Microsoft Intune, Configuration Manager, Windows 365, and Microsoft Managed Desktop.
+
+Follow these steps to obtain support in Microsoft Endpoint Manager:
+
+- Sign in to the Microsoft Endpoint Manager admin center
+- Select **Troubleshooting + support** > **Help and support**
+ :::image type="content" source="images/advanced-support.png" alt-text="Screenshot that shows how to obtain support from Microsoft Endpoint Manager." lightbox="images/advanced-support.png":::
+- Select the required support scenario: Configuration Manager, Intune, Co-management, or Windows 365
+- Above **How can we help?**, select one of three icons to open different panes: *Find solutions*, *Contact support*, or *Service requests*
+- In the **Find solutions** pane, use the text box to specify a few details about your issue. The console may offer suggestions based on what you've entered. Depending on the presence of specific keywords, the console provides help like:
+ - Run diagnostics: start automated tests and investigations of your tenant from the console to reveal known issues. When you run a diagnostic, you may receive mitigation steps to help with resolution
+ - View insights: find links to documentation that provides context and background specific to the product area or actions you've described
+ - Recommended articles: browse suggested troubleshooting topics and other content related to your issue
+- If needed, use the *Contact support* pane to file an online support ticket
+ > [!IMPORTANT]
+ > When opening a case, be sure to include as many details as possible in the *Description* field. Such information includes: timestamp and date, device ID, device model, serial number, OS version, and any other details relevant to the issue.
+- To review your case history, select the **Service requests** pane. Active cases are at the top of the list, with closed issues also available for review
+
+For more information, see [Microsoft Endpoint Manager support page][MEM-1]
+
+
+[MEM-1]: /mem/get-support
+[MEM-2]: /troubleshoot/mem/intune/troubleshoot-device-enrollment-in-intune
+[MEM-3]: /troubleshoot/mem/intune/troubleshoot-device-actions
+[MEM-4]: /troubleshoot/mem/intune/troubleshoot-bitlocker-admin-center
+[MEM-5]: /troubleshoot/mem/intune/troubleshoot-policies-in-microsoft-intune
+[MEM-6]: /troubleshoot/mem/intune/troubleshoot-wi-fi-profiles#troubleshoot-windows-wi-fi-profiles
+[MEM-7]: /troubleshoot/mem/intune/troubleshoot-win32-app-install
+[MEM-8]: /troubleshoot/mem/intune/troubleshoot-csp-custom-settings
+[MEM-9]: /mem/autopilot/troubleshooting
+[MEM-10]: /mem/intune/remote-actions/collect-diagnostics
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md
index 958e32ad29..c54a5ce446 100644
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/use-set-up-school-pcs-app.md
@@ -1,18 +1,8 @@
---
title: Use Set up School PCs app
description: Learn how to use the Set up School PCs app and apply the provisioning package.
-keywords: shared cart, shared PC, school, Set up School PCs, overview, how to use
-ms.prod: windows
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+ms.topic: how-to
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
@@ -105,7 +95,7 @@ We strongly recommend that you avoid changing preset policies. Changes can slow
The **Set up School PCs** app guides you through the configuration choices for the student PCs. To begin, open the app on your PC and click **Get started**.
- 
+ 
### Package name
Type a unique name to help distinguish your school's provisioning packages. The name appears:
@@ -115,7 +105,7 @@ Type a unique name to help distinguish your school's provisioning packages. The
A package expiration date is also attached to the end of each package. For example, *Set_Up_School_PCs (Expires 4-16-2019)*. The expiration date is 180 days after you create your package.
- 
+ 
After you click **Next**, you can no longer change the name in the app. To create a package with a different name, reopen the Set up School PCs app.
@@ -129,7 +119,7 @@ To change an existing package's name, right-click the package folder on your dev
b. To complete setup without signing in, click **Continue without account**. Student PCs won't be connected to your school's cloud services and managing them will be more difficult later. Continue to [Wireless network](#wireless-network).
2. In the new window, select the account you want to use throughout setup.
- 
+ 
To add an account not listed:
a. Click **Work or school account** > **Continue**.
@@ -140,14 +130,14 @@ To change an existing package's name, right-click the package folder on your dev
3. Click **Accept** to allow Set up School PCs to access your account throughout setup.
2. When your account name appears on the page, as shown in the image below, click **Next.**
- 
+ 
### Wireless network
Add and save the wireless network profile that you want student PCs to connect to. Only skip Wi-Fi setup if you have an Ethernet connection.
Select your school's Wi-Fi network from the list of available wireless networks, or click **Add a wireless network** to manually configure it. Then click **Next.**
- 
+ 
### Device names
Create a short name to add as a prefix to each PC. This name will help you recognize and manage this specific group of devices in your mobile device manager. The name must be five (5) characters or less.
@@ -156,19 +146,19 @@ To make sure all device names are unique, Set up School PCs automatically append
To keep the default name for your devices, click **Continue with existing names**.
- 
+ 
### Settings
Select additional settings to include in the provisioning package. To begin, select the operating system on your student PCs.
-
+
Setting selections vary based on the OS version you select. The example screenshot below shows the settings that become available when you select **Windows 10 version 1703**. The option to **Enable Autopilot Reset** is not available for this version of Windows 10.
-
+
> [!NOTE]
@@ -179,13 +169,13 @@ The following table describes each setting and lists the applicable Windows 10 v
|Setting |1703|1709|1803|1809|What happens if I select it? |Note|
|---------|---------|---------|---------|---------|---------|---------|
|Remove apps pre-installed by the device manufacturer |X|X|X|X| Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.|
-|Allow local storage (not recommended for shared devices) |X|X|X|X| Lets students save files to the Desktop and Documents folder on the Student PC. |Not recommended if the device will be part of a shared cart or lab.|
-|Optimize device for a single student, instead of a shared cart or lab |X|X|X|X|Optimizes the device for use by a single student, rather than many students. |Recommended option only if the device is not shared with other students in the school. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. |
+|Allow local storage (not recommended for shared devices) |X|X|X|X| Lets students save files to the Desktop and Documents folder on the Student PC. |Not recommended if the device will be shared between different students.|
+|Optimize device for a single student, instead of a shared cart or lab |X|X|X|X|Optimizes the device for use by a single student, rather than many students. |Recommended if the device will be shared between different students. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. |
|Let guests sign in to these PCs |X|X|X|X|Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.|
|Enable Autopilot Reset |Not available|X|X|X|Lets you remotely reset a student’s PC from the lock screen, apply the device’s original settings, and enroll it in device management (Azure AD and MDM). |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.|
|Lock screen background|X|X|X|X|Change the default screen lock background to a custom image.|Click **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.|
-After you've made your selections, click **Next**.
+After you've made your selections, click **Next**.
### Time zone
@@ -194,21 +184,21 @@ After you've made your selections, click **Next**.
Choose the time zone where your school's PCs are used. This setting ensures that all PCs are provisioned in the same time zone. When you're done, click **Next**.
-
+
### Product key
Optionally, type in a 25-digit product key to:
* Upgrade your current edition of Windows. For example, if you want to upgrade from Windows 10 Education to Windows 10 Education Pro, enter the product key for the Pro edition.
* Change the product key. If you want to associate student devices with a new or different Windows 10 product key, enter it now.
-
+
### Take a Test
Set up the Take a Test app to give online quizzes and high-stakes assessments. During assessments, Windows locks down the student PC so that students can't access anything else on the device.
1. Select **Yes** to create a Take a Test button on the sign-in screens of your students' PCs.
- 
+ 
2. Select from the advanced settings. Available settings include:
* Allow keyboard auto-suggestions: Allows app to suggest words as the student types on the PC's keyboard.
@@ -224,7 +214,7 @@ If there aren't any apps in your Microsoft Store inventory, or you don't have th
After you've made your selections, click **Next**.
- 
+ 
The following table lists the recommended apps you'll see.
@@ -241,7 +231,7 @@ Upload custom images to replace the student devices' default desktop and lock sc
If you don't want to upload custom images or use the images that appear in the app, click **Continue without personalization**. This option does not apply any customizations, and instead uses the devices' default or preset images.
- 
+ 
### Summary
@@ -249,22 +239,22 @@ Review all of the settings for accuracy and completeness. Check carefully. To ma
1. To make changes now, click any page along the left side of the window.
2. When finished, click **Accept**.
- 
+ 
### Insert USB
1. Insert a USB drive. The **Save** button will light up when your computer detects the USB.
2. Choose your USB drive from the list and click **Save**.
- 
+ 
3. When the package is ready, you'll see the filename and package expiration date. You can also click **Add a USB** to save the same provisioning package to another USB drive. When you're done, remove the USB drive and click **Next**.
- 
+ 
## Run package - Get PCs ready
Complete each step on the **Get PCs ready** page to prepare student PCs for set-up. Then click **Next**.
- 
+ 
## Run package - Install package on PC
@@ -279,14 +269,14 @@ When used in context of the Set up School PCs app, the word *package* refers to
If the PC has gone past the account setup screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
- 
+ 
2. Insert the USB drive. Windows automatically recognizes and installs the package.
- 
+ 
3. When you receive the message that it's okay to remove the USB drive, remove it from the PC. If there are more PCs to set up, insert the USB drive into the next PC.
- 
+ 
4. If you didn't set up the package with Azure AD Join, continue the Windows device setup experience. If you did configure the package with Azure AD Join, the computer is ready for use and no further configurations are required.
diff --git a/education/windows/windows-11-se-faq.yml b/education/windows/windows-11-se-faq.yml
new file mode 100644
index 0000000000..36582145e0
--- /dev/null
+++ b/education/windows/windows-11-se-faq.yml
@@ -0,0 +1,68 @@
+### YamlMime:FAQ
+metadata:
+ title: Windows 11 SE Frequently Asked Questions (FAQ)
+ description: Use these frequently asked questions (FAQ) to learn important details about Windows 11 SE.
+ ms.prod: windows
+ ms.technology: windows
+ author: paolomatarazzo
+ ms.author: paoloma
+ manager: aaroncz
+ ms.reviewer:
+ ms.collection: education
+ ms.topic: faq
+ localizationpriority: medium
+ ms.date: 09/14/2022
+ appliesto:
+ - ✅ Windows 11 SE
+
+title: Common questions about Windows 11 SE
+summary: Windows 11 SE combines the power and privacy of Windows 11 with educator feedback to create a simplified experience on devices built for education. This Frequently Asked Questions (FAQ) article is intended to help you learn more about Windows 11 SE so you can get to what matters most.
+
+sections:
+ - name: General
+ questions:
+ - question: What is Windows 11 SE?
+ answer: |
+ Windows 11 SE is a new cloud-first operating system that offers the power and reliability of Windows 11 with a simplified design and tools specially designed for schools.
+ To learn more, see [Windows 11 SE Overview](/education/windows/windows-11-se-overview).
+ - question: Who is the Windows 11 SE designed for?
+ answer: |
+ Windows 11 SE is designed for students in grades K-8 who use a laptop provided by their school, in a 1:1 scenario.
+ - question: What are the major differences between Windows 11 and Windows 11 SE?
+ answer: |
+ Windows 11 SE was created based on feedback from educators who wanted a distraction-free experience for their students. Here are some of the differences that you'll find in Windows 11 SE:
+ - Experience a simplified user interface so you can stay focused on the important stuff
+ - Only IT admins can install apps. Users will not be able to access the Microsoft Store or download apps from the internet
+ - Use Snap Assist to maximize screen space on smaller screens with two-window snapping
+ - Store your Desktop, Documents, and Photos folders in the cloud using OneDrive, so your work is backed up and easy to find
+ - Express yourself and celebrate accomplishments with the *emoji and GIF panel* and *Stickers*
+ - name: Deployment
+ questions:
+ - question: Can I load Windows 11 SE on any hardware?
+ answer: |
+ Windows 11 SE is only available on devices that are built for education. To learn more, see [Windows 11 SE Overview](/education/windows/windows-11-se-overview).
+ - name: Applications and settings
+ questions:
+ - question: How can I install applications on Windows 11 SE?
+ answer: |
+ You can use Microsoft Intune to install applications on Windows 11 SE.
+ For more information, see [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps).
+ - question: What apps will work on Windows 11 SE?
+ answer: |
+ Windows 11 SE supports all web applications and a curated list of desktop applications. You can prepare and add a desktop app to Microsoft Intune as a Win32 app from the [approved app list](/education/windows/windows-11-se-overview), then distribute it.
+ For more information, see [Considerations for Windows 11 SE](/education/windows/tutorial-school-deployment/configure-device-apps#considerations-for-windows-11-se).
+ - question: Why there's no application store on Windows 11 SE?
+ answer: |
+ IT Admins can manage system settings (including application installation and the application store) to ensure all students have a safe, distraction-free experience. On Windows SE devices, you have pre-installed apps from Microsoft, from your IT admin, and from your device manufacturer. You can continue to use web apps on the Microsoft Edge browser, as web apps do not require installation.
+ For more information, see [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps).
+ - question: What does the error 0x87D300D9 mean in the Intune for Education portal?
+ answer: |
+ This error means that the app you are trying to install is not supported on Windows 11 SE. If you have an app that fails with this error, then:
+ - Make sure the app is on the [available applications list](/education/windows/windows-11-se-overview#available-applications). Or, make sure your app is [approved for Windows 11 SE](/education/windows/windows-11-se-overview#add-your-own-applications)
+ - If the app is approved, then it's possible the app is not packaged correctly. For more information, [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps)
+ - If the app isn't approved, then it won't run on Windows 11 SE. To get apps approved, see [Add your own applications](/education/windows/windows-11-se-overview#add-your-own-applications). Or, use an app that runs in a web browser, such as a web app or PWA
+ - name: Out-of-box experience (OOBE)
+ questions:
+ - question: My Windows 11 SE device is stuck in OOBE, how can I troubleshoot it?
+ answer: |
+ To access the Settings application during OOBE on a Windows 11 SE device, press Shift+F10, then select the accessibility icon :::image type="icon" source="images/icons/accessibility.svg"::: on the bottom-right corner of the screen. From the Settings application, you can troubleshoot the OOBE process and, optionally, trigger a device reset.
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index 32691a8669..1dcaf9dc8b 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -1,137 +1,173 @@
---
-title: What is Windows 11 SE
-description: Learn more about Windows 11 SE, and the apps that are included with the operating system. Read about the features IT professionals and administrators should know about Windows 11 SE. Add and deploy your apps using Microsoft Intune for Education.
-ms.prod: windows
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: mobile
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ Windows 11 SE
+title: Windows 11 SE Overview
+description: Learn about Windows 11 SE, and the apps that are included with the operating system.
+ms.topic: article
+ms.date: 09/12/2022
+appliesto:
+ - ✅ Windows 11 SE
+ms.collection:
+ - highpri
---
-# Windows 11 SE for Education
+# Windows 11 SE Overview
-Windows 11 SE is a new edition of Windows that's designed for education. It runs on web-first devices that use essential education apps. Microsoft Office 365 is preinstalled (subscription sold separately).
+Windows 11 SE is an edition of Windows that's designed for education. Windows SE runs on web-first devices that use essential education apps, and it comes with Microsoft Office 365 preinstalled (subscription sold separately).
For education customers seeking cost-effective devices, Microsoft Windows 11 SE is a great choice. Windows 11 SE includes the following benefits:
-- A simplified and secure experience for students. Student privacy is prioritized.
-- Admins remotely manage Windows 11 SE devices using [Microsoft Intune for Education](/intune-education/what-is-intune-for-education).
-- It's built for low-cost devices.
-- It has a curated app experience, and is designed to only run essential education apps.
+- A simplified and secure experience for students, where student privacy is prioritized. With a curated allowlist of applications maintained by Microsoft, Windows SE is designed to only run essential education apps
+- IT admin can remotely manage Windows 11 SE devices using [Microsoft Intune for Education][INT-1]
+- It's built for low-cost devices
+
+:::image type="content" source="./images/windows-11-se.png" alt-text="Screenshot of Windows 11 SE showing Start menu and taskbar with default layout" border="false":::
## Get Windows 11 SE
-Windows 11 SE is only available preinstalled on devices from OEMs. The OEM installs Windows 11 SE, and makes the devices available for you to purchase. For example, you'll be able to purchase Microsoft Surface devices with Windows 11 SE already installed.
+Windows 11 SE is only available preinstalled on devices from OEMs. OEMs install Windows 11 SE, and make the devices available for you to purchase. For example, you can purchase Microsoft Surface SE devices with Windows 11 SE already installed.
-## Available apps
+## Application types
-Windows 11 SE comes with some preinstalled apps. The following apps can also run on Windows 11 SE, and are deployed using the [Intune for Education portal](https://intuneeducation.portal.azure.com). For more information, see [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview).
+The following table lists the different application types available in Windows operating systems, detailing which application types are enabled in Windows 11 SE.
+| App type | Description | Enabled | Note|
+| --- | --- | :---: | ---|
+|Progressive Web Apps (PWAs) | PWAs are web-based applications that can run in a browser and that can be installed as standalone apps. |✅|PWAs are enabled by default in Windows 11 SE.|
+| Web apps | Web apps are web-based applications that run in a browser. | ✅ | Web apps are enabled by default in Windows 11 SE. |
+|Win32| Win32 applications are Windows classic applications that may require installation |⛔| If users try to install or execute Win32 applications that haven't been allowed to run, they'll fail.|
+|Universal Windows Platform (UWP)/Store apps |UWP apps are commonly obtained from the Microsoft Store and may require installation |⛔|If users try to install or execute UWP applications that haven't been allowed to run, they'll fail.|
-| Application | Supported version | App Type | Vendor |
-| --- | --- | --- | --- |
-|AirSecure |8.0.0 |Win32 |AIR|
-|Brave Browser |1.34.80|Win32 |Brave|
-|Bulb Digital Portfolio |0.0.7.0|Store|Bulb|
-|Cisco Umbrella |3.0.110.0 |Win32 |Cisco|
-|CKAuthenticator |3.6 |Win32 |Content Keeper|
-|Class Policy |114.0.0 |Win32 |Class Policy|
-|Classroom.cloud |1.40.0004 |Win32 |NetSupport|
-|CoGat Secure Browser |11.0.0.19 |Win32 |Riverside Insights|
-|Dragon Professional Individual |15.00.100 |Win32 |Nuance Communications|
-|DRC INSIGHT Online Assessments |12.0.0.0 |Store |Data recognition Corporation|
-|Duo from Cisco |2.25.0 |Win32 |Cisco|
-|e-Speaking Voice and Speech recognition |4.4.0.8 |Win32 |e-speaking|
-|eTests |4.0.25 |Win32 |CASAS|
-|FortiClient |7.0.1.0083 |Win32 |Fortinet|
-|Free NaturalReader |16.1.2 |Win32 |Natural Soft|
-|GoGuardian |1.4.4 |Win32 |GoGuardian|
-|Google Chrome |102.0.5005.115|Win32 |Google|
-|Illuminate Lockdown Browser |2.0.5 |Win32 |Illuminate Education|
-|Immunet |7.5.0.20795 |Win32 |Immunet|
-|JAWS for Windows |2022.2112.24 |Win32 |Freedom Scientific|
-|Kite Student Portal |8.0.3.0 |Win32 |Dynamic Learning Maps|
-|Kortext |2.3.433.0 |Store |Kortext|
-|Kurzweil 3000 Assistive Learning |20.13.0000 |Win32 |Kurzweil Educational Systems|
-|LanSchool |9.1.0.46 |Win32 |Stoneware|
-|Lightspeed Smart Agent |2.6.2 |Win32 |Lightspeed Systems|
-|Microsoft Connect |10.0.22000.1 |Store |Microsoft|
-|Mozilla Firefox |99.0.1 |Win32 |Mozilla|
-|NAPLAN |2.5.0 |Win32 |NAP|
-|NetSupport Manager |12.01.0011 |Win32 |NetSupport|
-|NetSupport Notify |5.10.1.215 |Win32 |NetSupport|
-|NetSupport School |14.00.0011 |Win32 |NetSupport|
-|NextUp Talker |1.0.49 |Win32 |NextUp Technologies|
-|NonVisual Desktop Access |2021.3.1 |Win32 |NV Access|
-|NWEA Secure Testing Browser |5.4.300.0 |Win32 |NWEA|
-|Pearson TestNav |1.10.2.0 |Store |Pearson|
-|Questar Secure Browser |4.8.3.376 |Win32 |Questar, Inc|
-|ReadAndWriteForWindows |12.0.60.0 |Win32 |Texthelp Ltd.|
-|Remote Desktop client (MSRDC) |1.2.3213.0 |Win32 |Microsoft|
-|Remote Help |3.8.0.12 |Win32 |Microsoft|
-|Respondus Lockdown Browser |2.0.8.05 |Win32 |Respondus|
-|Safe Exam Browser |3.3.2.413 |Win32 |Safe Exam Browser|
-|Secure Browser |14.0.0 |Win32 |Cambium Development|
-|Senso.Cloud |2021.11.15.0 |Win32|Senso.Cloud|
-|SuperNova Magnifier & Screen Reader |21.02 |Win32 |Dolphin Computer Access|
-|Zoom |5.9.1 (2581)|Win32 |Zoom|
-|ZoomText Fusion |2022.2109.10|Win32 |Freedom Scientific|
-|ZoomText Magnifier/Reader |2022.2109.25|Win32 |Freedom Scientific|
+> [!IMPORTANT]
+> If there are specific Win32 or UWP applications that you want to allow, work with Microsoft to get them enabled. For more information, see [Add your own applications](#add-your-own-applications).
-### Enabled apps
+## Applications included in Windows 11 SE
-| App type | Enabled |
-| --- | --- |
-| Apps that run in a browser | ✔️ Apps that run in a browser, like Progressive Web Apps (PWA) and Web apps, can run on Windows 11 SE without any changes or limitations. |
-| Apps that require installation | ❌ Apps that require an installation, including Microsoft Store apps and Win32 apps can't be installed. If students try to install these apps, the installation fails.
✔️ If there are specific installation-type apps you want to enable, then work with Microsoft to get them enabled. For more information, see [Add your own apps](#add-your-own-apps) (in this article). |
+The following table lists all the applications included in Windows 11 SE and the pinning to either the Start menu or to the taskbar.
-### Add your own apps
+| App name | App type | Pinned to Start? | Pinned to taskbar? |
+|:-----------------------------|:--------:|:----------------:|:------------------:|
+| Alarm & Clock | UWP | | |
+| Calculator | UWP | ✅ | |
+| Camera | UWP | ✅ | |
+| Microsoft Edge | Win32 | ✅ | ✅ |
+| Excel | Win32 | ✅ | |
+| Feedback Hub | UWP | | |
+| File Explorer | Win32 | | ✅ |
+| FlipGrid | PWA | | |
+| Get Help | UWP | | |
+| Media Player | UWP | ✅ | |
+| Maps | UWP | | |
+| Minecraft: Education Edition | UWP | | |
+| Movies & TV | UWP | | |
+| News | UWP | | |
+| Notepad | Win32 | | |
+| OneDrive | Win32 | | |
+| OneNote | Win32 | ✅ | |
+| Outlook | PWA | ✅ | |
+| Paint | Win32 | ✅ | |
+| Photos | UWP | | |
+| PowerPoint | Win32 | ✅ | |
+| Settings | UWP | ✅ | |
+| Snip & Sketch | UWP | | |
+| Sticky Notes | UWP | | |
+| Teams | Win32 | ✅ | |
+| To Do | UWP | | |
+| Whiteboard | UWP | ✅ | |
+| Word | Win32 | ✅ | |
-If the apps you need aren't shown in the [available apps list](#available-apps) (in this article), then you can submit an application request at [aka.ms/eduapprequest](https://aka.ms/eduapprequest). Anyone from a school district can submit the request. In the form, sign in with your school account, such as `user@contoso.edu`. We'll update you using this email account.
+## Available applications
+
+The following applications can also run on Windows 11 SE, and can be deployed using Intune for Education. For more information, see [Configure applications with Microsoft Intune][EDUWIN-1]
+
+| Application | Supported version | App Type | Vendor |
+|-----------------------------------------|-------------------|----------|------------------------------|
+| AirSecure | 8.0.0 | Win32 | AIR |
+| Alertus Desktop | 5.4.44.0 | Win32 | Alertus technologies |
+| Brave Browser | 106.0.5249.65 | Win32 | Brave |
+| Bulb Digital Portfolio | 0.0.7.0 | Store | Bulb |
+| CA Secure Browser | 14.0.0 | Win32 | Cambium Development |
+| Cisco Umbrella | 3.0.110.0 | Win32 | Cisco |
+| CKAuthenticator | 3.6+ | Win32 | Content Keeper |
+| Class Policy | 114.0.0 | Win32 | Class Policy |
+| Classroom.cloud | 1.40.0004 | Win32 | NetSupport |
+| CoGat Secure Browser | 11.0.0.19 | Win32 | Riverside Insights |
+| Dragon Professional Individual | 15.00.100 | Win32 | Nuance Communications |
+| DRC INSIGHT Online Assessments | 12.0.0.0 | Store | Data recognition Corporation |
+| Duo from Cisco | 2.25.0 | Win32 | Cisco |
+| e-Speaking Voice and Speech recognition | 4.4.0.8 | Win32 | e-speaking |
+| eTests | 4.0.25 | Win32 | CASAS |
+| FortiClient | 7.2.0.4034+ | Win32 | Fortinet |
+| Free NaturalReader | 16.1.2 | Win32 | Natural Soft |
+| Ghotit Real Writer & Reader | 10.14.2.3 | Win32 | Ghotit Ltd |
+| GoGuardian | 1.4.4 | Win32 | GoGuardian |
+| Google Chrome | 102.0.5005.115 | Win32 | Google |
+| Illuminate Lockdown Browser | 2.0.5 | Win32 | Illuminate Education |
+| Immunet | 7.5.0.20795 | Win32 | Immunet |
+| Impero Backdrop Client | 4.4.86 | Win32 | Impero Software |
+| JAWS for Windows | 2022.2112.24 | Win32 | Freedom Scientific |
+| Kite Student Portal | 8.0.3.0 | Win32 | Dynamic Learning Maps |
+| Kortext | 2.3.433.0 | Store | Kortext |
+| Kurzweil 3000 Assistive Learning | 20.13.0000 | Win32 | Kurzweil Educational Systems |
+| LanSchool Classic | 9.1.0.46 | Win32 | Stoneware, Inc. |
+| LanSchool Air | 2.0.13312 | Win32 | Stoneware, Inc. |
+| Lightspeed Smart Agent | 1.9.1 | Win32 | Lightspeed Systems |
+| MetaMoJi ClassRoom | 3.12.4.0 | Store | MetaMoJi Corporation |
+| Microsoft Connect | 10.0.22000.1 | Store | Microsoft |
+| Mozilla Firefox | 99.0.1 | Win32 | Mozilla |
+| NAPLAN | 2.5.0 | Win32 | NAP |
+| Netref Student | 22.2.0 | Win32 | NetRef |
+| NetSupport Manager | 12.01.0014 | Win32 | NetSupport |
+| NetSupport Notify | 5.10.1.215 | Win32 | NetSupport |
+| NetSupport School | 14.00.0011 | Win32 | NetSupport |
+| NextUp Talker | 1.0.49 | Win32 | NextUp Technologies |
+| NonVisual Desktop Access | 2021.3.1 | Win32 | NV Access |
+| NWEA Secure Testing Browser | 5.4.356.0 | Win32 | NWEA |
+| Pearson TestNav | 1.10.2.0 | Store | Pearson |
+| Questar Secure Browser | 4.8.3.376 | Win32 | Questar, Inc |
+| ReadAndWriteForWindows | 12.0.60.0 | Win32 | Texthelp Ltd. |
+| Remote Desktop client (MSRDC) | 1.2.3213.0 | Win32 | Microsoft |
+| Remote Help | 3.8.0.12 | Win32 | Microsoft |
+| Respondus Lockdown Browser | 2.0.9.00 | Win32 | Respondus |
+| Safe Exam Browser | 3.3.2.413 | Win32 | Safe Exam Browser |
+| Senso.Cloud | 2021.11.15.0 | Win32 | Senso.Cloud |
+| SuperNova Magnifier & Screen Reader | 21.02 | Win32 | Dolphin Computer Access |
+| Zoom | 5.9.1 (2581) | Win32 | Zoom |
+| ZoomText Fusion | 2022.2109.10 | Win32 | Freedom Scientific |
+| ZoomText Magnifier/Reader | 2022.2109.25 | Win32 | Freedom Scientific |
+
+## Add your own applications
+
+If the applications you need aren't in the [available applications list](#available-applications), then you can submit an application request at [aka.ms/eduapprequest](https://aka.ms/eduapprequest). Anyone from a school district can submit the request. In the form, sign in with your school account, such as `user@contoso.edu`. We'll update you using this email account.
Microsoft reviews every app request to make sure each app meets the following requirements:
-- Apps can be any native Windows app type, such as a Microsoft Store app, Win32 app, `.MSIX`, `.APPX`, and more.
-
-- Apps must be in one of the following app categories:
- - Content Filtering apps
- - Test Taking solutions
+- Apps can be any native Windows app type, such as a Microsoft Store app, Win32 app, `.MSIX`, `.APPX`, and more
+- Apps must be in one of the following app categories:
+ - Content Filtering apps
+ - Test Taking solutions
- Assistive technologies
- - Classroom communication apps
+ - Classroom communication apps
- Essential diagnostics, management, and supportability apps
-
-- Apps must meet the performance [requirements of Windows 11](/windows/whats-new/windows-11-requirements).
-
+- Apps must meet the performance [requirements of Windows 11][WIN-1]
- Apps must meet the following security requirements:
- - All app binaries are code-signed.
- - All files include the `OriginalFileName` in the resource file header.
- - All kernel drivers are WHQL-signed.
-
-- Apps don't have an equivalent web application.
-
-- Apps can't invoke any processes that can be used to jailbreak a device, automate jailbreaks, or present a security risk. For example, processes such as Reg.exe, CBE.exe, CMD.exe, and KD.exe are blocked on Windows 11 SE.
+ - All app binaries are code-signed
+ - All files include the `OriginalFileName` in the resource file header
+ - All kernel drivers are WHQL-signed
+- Apps don't have an equivalent web application
+- Apps can't invoke any processes that can be used to jailbreak a device, automate jailbreaks, or present a security risk. For example, processes such as Reg.exe, CBE.exe, CMD.exe, and KD.exe are blocked on Windows 11 SE
If the app meets the requirements, Microsoft works with the Independent Software Vendor (ISV) to test the app, and make sure the app works as expected on Windows 11 SE.
-When the app is ready, Microsoft will update you. Then, you add the app to the [Intune for Education portal](https://intuneeducation.portal.azure.com), and [assign](/intune-education/assign-apps) it to your Windows 11 SE devices.
+When the app is ready, Microsoft will update you. Then, you add the app to the Intune for Education portal, and assign it to your Windows 11 SE devices.
-For more information on Intune requirements for adding education apps, see [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview).
-
-### 0x87D300D9 error with an app
-
-When you deploy an app using Intune for Education, you may get a `0x87D300D9` error code with a `Failed` state in the [Intune for Education portal](https://intuneeducation.portal.azure.com). If you have an app that fails with this error, then:
-
-- Make sure the app is on the [available apps list](#available-apps) (in this article). Or, make sure your app is [approved for Windows 11 SE](#add-your-own-apps) (in this article).
-- If the app is approved, then it's possible the app is packaged wrong. For more information, see [Add your own apps](#add-your-own-apps) (in this article) and [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview).
-- If the app isn't approved, then it won't run on Windows 11 SE. To get apps approved, see [Add your own apps](#add-your-own-apps) (in this article). Or, use an app that runs in a web browser, such as a web app or PWA.
+For more information on Intune requirements for adding education apps, see [Configure applications with Microsoft Intune][EDUWIN-1].
## Related articles
-- [Use Intune for Education to manage devices running Windows 11 SE](/intune-education/windows-11-se-overview)
+- [Tutorial: deploy and manage Windows devices in a school][EDUWIN-2]
+
+[INT-1]: /intune-education/what-is-intune-for-education
+
+[EDUWIN-1]: /education/windows/tutorial-school-deployment/configure-device-apps
+[EDUWIN-2]: /education/windows/tutorial-school-deployment/
+
+[WIN-1]: /windows/whats-new/windows-11-requirements
diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md
index e654aff272..7cd1a683ce 100644
--- a/education/windows/windows-11-se-settings-list.md
+++ b/education/windows/windows-11-se-settings-list.md
@@ -1,23 +1,15 @@
---
title: Windows 11 SE settings list
description: Windows 11 SE automatically configures settings in the operating system. Learn more about the settings you can control and manage, and the settings you can't change.
-ms.prod: windows
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: mobile
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
+ms.topic: article
+ms.date: 09/12/2022
appliesto:
- ✅ Windows 11 SE
---
# Windows 11 SE for Education settings list
-Windows 11 SE automatically configures settings and features in the operating system. These settings use the Configuration Service Provider (CSPs) provided by Microsoft. You can use an MDM provider to configure these settings.
+Windows 11 SE automatically configures certain settings and features in the operating system. You can use Microsoft Intune to customize these settings.
This article lists the settings automatically configured. For more information on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md).
@@ -25,26 +17,26 @@ This article lists the settings automatically configured. For more information o
The following table lists and describes the settings that can be changed by administrators.
-| Setting | Description |
-| --- | --- |
-| Block manual unenrollment | Default: Blocked
Users can't unenroll their devices from device management services.
[Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment) |
-| Allow option to Show Network | Default: Allowed
Gives users the option to see the **Show Network** folder in File Explorer. |
-| Allow option to Show This PC | Default: Allowed
Gives user the option to see the **Show This PC** folder in File Explorer. |
-| Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads
Gives user access to these folders. |
-| Set Allowed Storage Locations | Default: Blocks local drives and network drives
Blocks user access to these storage locations. |
-| Allow News and Interests | Default: Hide
Hides widgets. |
-| Disable advertising ID | Default: Disabled
Blocks apps from using usage data to tailor advertisements.
|
-| Enable App Install Control | Default: Turned On
Users can't download apps from the internet.
[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)|
-| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days
If a file hasn't been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.
Specify a jpg, jpeg, or png image to be used as the desktop image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image.
Specify a jpg, jpeg, or png image to be used as lock screen image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image.
[LockScreenImageUrl](/windows/client-management/mdm/personalization-csp) |
+| Setting | Description | Default Value |
+| --- | --- | --- |
+| Block manual unenrollment | When blocked, users can't unenroll their devices from device management services.
[Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment) | Blocked |
+| Allow option to Show Network | When allowed, it gives users the option to see the **Show Network** folder in File Explorer. | Allowed |
+| Allow option to Show This PC | When allowed, it gives users the option to see the **Show This PC** folder in File Explorer. | Allowed |
+| Set Allowed Folder location | Gives user access to these folders. | Default folders: Documents, Desktop, Pictures, and Downloads |
+| Set Allowed Storage Locations | Blocks user access to these storage locations. | Blocks local drives and network drives |
+| Allow News and Interests | Hides widgets. | Hide |
+| Disable advertising ID | Blocks apps from using usage data to tailor advertisements.
||
+| Enable App Install Control | When enabled, users can't download apps from the internet.
[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)| Enabled |
+| Configure Storage Sense Cloud Content Dehydration Threshold | If a file hasn't been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again.
[Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) | 30 days |
+| Allow Telemetry | With *Required Telemetry Only*, it sends only basic device info, including quality-related data, app compatibility, and similar data to keep the device secure and up-to-date.
[System/AllowTelemetry CSP](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Required Telemetry Only |
+| Allow Experimentation | When disabled, Microsoft can't experiment with the product to study user preferences or device behavior.
[System/AllowExperimentation CSP](/windows/client-management/mdm/policy-csp-system#system-allowexperimentation) | Disabled |
+| Block external extensions | When blocked, in Microsoft Edge users can't install external extensions.
[BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions) | Blocked |
+| Configure new tab page | Set the new tab page defaults to a specific url.
[Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url) | `Office.com` |
+| Configure homepage | Set the Microsoft Edge's homepage default.
[HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage) | `Office.com` |
+| Prevent SmartScreen prompt override | When enabled, in Microsoft Edge, users can't override Windows Defender SmartScreen warnings.
[PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride) | Enabled |
+| Wallpaper Image Customization | Specify a jpg, jpeg, or png image to be used as the desktop image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image.
[DesktopImageUrl](/windows/client-management/mdm/personalization-csp) | Not configured |
+| Lock Screen Image Customization | Specify a jpg, jpeg, or png image to be used as lock screen image. This setting can take an http or https URL to a remote image to be downloaded, a file URL to a local image.
[LockScreenImageUrl](/windows/client-management/mdm/personalization-csp) | Not configured |
## Settings that can't be changed
@@ -61,45 +53,6 @@ The following settings can't be changed.
| Administrative tools | Administrative tools, such as the command prompt and Windows PowerShell, can't be opened. Windows PowerShell scripts deployed using Microsoft Endpoint Manager can run. |
| Apps | Only certain apps are allowed to run on Windows 11 SE. For more info on what apps can run on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md). |
-## What's available in the Settings app
-
-On Windows 11 SE devices, the Settings app shows the following setting pages. Depending on the hardware, some setting pages might not be shown.
-
-- Accessibility
-
-- Accounts
- - Email & accounts
-
-- Apps
-
-- Bluetooth & devices
- - Bluetooth
- - Printers & scanners
- - Mouse
- - Touchpad
- - Typing
- - Pen
- - AutoPlay
-
-- Network & internet
- - WiFi
- - VPN
-
-- Personalization
- - Taskbar
-
-- Privacy & security
-
-- System
- - Display
- - Notifications
- - Tablet mode
- - Multitasking
- - Projecting to this PC
-
-- Time & Language
- - Language & region
-
## Next steps
[Windows 11 SE for Education overview](windows-11-se-overview.md)
diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md
index b53f4a28bc..90b399237d 100644
--- a/education/windows/windows-editions-for-education-customers.md
+++ b/education/windows/windows-editions-for-education-customers.md
@@ -1,18 +1,8 @@
---
title: Windows 10 editions for education customers
-description: Provides an overview of the two Windows 10 editions that are designed for the needs of K-12 institutions.
-keywords: Windows 10 Pro Education, Windows 10 Education, Windows 10 editions, education customers
-ms.prod: windows
-ms.mktglfcycl: plan
-ms.sitesec: library
-ms.pagetype: edu
-ms.localizationpriority: medium
-ms.collection: education
-author: paolomatarazzo
-ms.author: paoloma
+description: Learn about the two Windows 10 editions that are designed for the needs of education institutions.
+ms.topic: article
ms.date: 08/10/2022
-ms.reviewer:
-manager: aaroncz
appliesto:
- ✅ Windows 10
---
@@ -21,7 +11,7 @@ appliesto:
Windows 10, version 1607 (Anniversary Update) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](/windows/security/security-foundations) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620).
-Beginning with version 1607, Windows 10 offers various new features and functionality, such as simplified provisioning with the [Set up School PCs app](./use-set-up-school-pcs-app.md) or [Windows Configuration Designer](./set-up-students-pcs-to-join-domain.md), easier delivery of digital assessments with [Take a Test](./take-tests-in-windows-10.md), and faster sign-in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/).
+Beginning with version 1607, Windows 10 offers various new features and functionality, such as simplified provisioning with the [Set up School PCs app](./use-set-up-school-pcs-app.md) or [Windows Configuration Designer](./set-up-students-pcs-to-join-domain.md), easier delivery of digital assessments with [Take a Test](./take-tests-in-windows.md), and faster sign-in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/).
Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
@@ -63,7 +53,7 @@ For any other questions, contact [Microsoft Customer Service and Support](https:
## Related topics
- [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md)
-- [Windows deployment for education](./index.md)
+- [Windows deployment for education](./index.yml)
- [Windows 10 upgrade paths](/windows/deployment/upgrade/windows-10-upgrade-paths)
- [Volume Activation for Windows 10](/windows/deployment/volume-activation/volume-activation-windows-10)
- [Plan for volume activation](/windows/deployment/volume-activation/plan-for-volume-activation-client)
diff --git a/gdpr/docfx.json b/gdpr/docfx.json
deleted file mode 100644
index d786f46f58..0000000000
--- a/gdpr/docfx.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
- "build": {
- "content": [
- {
- "files": [
- "**/*.md",
- "**/*.yml"
- ],
- "exclude": [
- "**/obj/**",
- "**/includes/**",
- "README.md",
- "LICENSE",
- "LICENSE-CODE",
- "ThirdPartyNotices"
- ]
- }
- ],
- "resource": [
- {
- "files": [
- "**/*.png",
- "**/*.jpg"
- ],
- "exclude": [
- "**/obj/**",
- "**/includes/**"
- ]
- }
- ],
- "overwrite": [],
- "externalReference": [],
- "globalMetadata": {
- "recommendations": true,
- "author": "eross-msft",
- "ms.author": "lizross",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
- "contributors_to_exclude": [
- "rjagiewich",
- "traya1",
- "rmca14",
- "claydetels19",
- "jborsecnik",
- "tiburd",
- "garycentric"
- ]
- },
- "fileMetadata": {},
- "template": [],
- "dest": "gdpr",
- "markdownEngineName": "dfm"
- }
-}
\ No newline at end of file
diff --git a/mdop/docfx.json b/mdop/docfx.json
deleted file mode 100644
index 6ff865c683..0000000000
--- a/mdop/docfx.json
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "build": {
- "content": [
- {
- "files": [
- "**/**.md",
- "**/**.yml"
- ],
- "exclude": [
- "**/obj/**"
- ]
- }
- ],
- "resource": [
- {
- "files": [
- "**/images/**"
- ],
- "exclude": [
- "**/obj/**"
- ]
- }
- ],
- "globalMetadata": {
- "recommendations": true,
- "breadcrumb_path": "/microsoft-desktop-optimization-pack/breadcrumb/toc.json",
- "ROBOTS": "INDEX, FOLLOW",
- "ms.technology": "windows",
- "audience": "ITPro",
- "manager": "dansimp",
- "ms.prod": "w10",
- "ms.author": "dansimp",
- "author": "dansimp",
- "ms.sitesec": "library",
- "ms.topic": "article",
- "ms.date": "04/05/2017",
- "feedback_system": "GitHub",
- "feedback_github_repo": "https://github.com/MicrosoftDocs/mdop-docs",
- "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "Win.mdop",
- "folder_relative_path_in_docset": "./"
- }
- },
- "contributors_to_exclude": [
- "rjagiewich",
- "traya1",
- "rmca14",
- "claydetels19",
- "Kellylorenebaker",
- "jborsecnik",
- "tiburd",
- "garycentric"
- ],
- "titleSuffix": "Microsoft Desktop Optimization Pack"
- },
- "externalReference": [],
- "template": "op.html",
- "dest": "mdop",
- "markdownEngineName": "markdig"
- }
-}
diff --git a/store-for-business/acquire-apps-microsoft-store-for-business.md b/store-for-business/acquire-apps-microsoft-store-for-business.md
index 882b7e57ba..d6bbee15ca 100644
--- a/store-for-business/acquire-apps-microsoft-store-for-business.md
+++ b/store-for-business/acquire-apps-microsoft-store-for-business.md
@@ -1,7 +1,6 @@
---
title: Acquire apps in Microsoft Store for Business (Windows 10)
description: As an admin, you can acquire apps from the Microsoft Store for Business for your employees. Some apps are free, and some have a price. For info on app types that are supported, see Apps in the Microsoft Store for Business.
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -17,7 +16,7 @@ ms.date: 07/21/2021
# Acquire apps in Microsoft Store for Business and Education
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
@@ -38,7 +37,7 @@ Some apps are free, and some have a price. Apps can be purchased in the Microsof
- Japan Commercial Bureau (JCB)
## Organization info
-There are a couple of things we need to know when you pay for apps. You can add this info to the **Account information** or **Payments & billing** page before you buy apps. If you haven’t provided it, we’ll ask when you make a purchase. Either way works. Here’s the info you’ll need to provide:
+There are a couple of things we need to know when you pay for apps. You can add this info to the **Account information** or **Payments & billing** page before you buy apps. If you haven't provided it, we'll ask when you make a purchase. Either way works. Here's the info you'll need to provide:
- Legal business address
- Payment option (credit card)
@@ -73,10 +72,10 @@ People in your org can request license for apps that they need, or that others n
3. Select the app you want to purchase.
4. On the product description page, choose your license type - either online or offline.
5. Free apps will be added to **Products & services**. For apps with a price, you can set the quantity you want to buy. Type the quantity and select **Next**.
-6. If you don’t have a payment method saved in **Billing & payments**, we will prompt you for one.
+6. If you don't have a payment method saved in **Billing & payments**, we will prompt you for one.
7. Add your credit card or debit card info, and select **Next**. Your card info is saved as a payment option on **Billing & payments - Payment methods**.
-You’ll also need to have your business address saved on **My organization - Profile**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](./update-microsoft-store-for-business-account-settings.md#organization-tax-information).
+You'll also need to have your business address saved on **My organization - Profile**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](./update-microsoft-store-for-business-account-settings.md#organization-tax-information).
Microsoft Store adds the app to your inventory. From **Products & services**, you can:
- Distribute the app: add to private store, or assign licenses
diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 2ee659bb6b..4ea7713429 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -1,7 +1,6 @@
---
title: Manage Windows device deployment with Windows Autopilot Deployment
description: Add an Autopilot profile to devices. Autopilot profiles control what is included in Windows set up experience for your employees.
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -20,7 +19,7 @@ ms.localizationpriority: medium
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Windows Autopilot simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows Autopilot](/windows/deployment/windows-autopilot/windows-10-autopilot).
@@ -136,11 +135,11 @@ Here's info on some of the errors you might see while working with Autopilot dep
| ---------- | ------------------- |
| wadp001 | Check your file, or ask your device partner for a complete .csv file. This file is missing Serial Number and Product Id info. |
| wadp002 | Check your file, or ask your device partner for updated hardware hash info in the .csv file. Hardware hash info is invalid in the current .csv file. |
-| wadp003 | Looks like you need more than one .csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multiple .csv files. |
+| wadp003 | Looks like you need more than one .csv file for your devices. The maximum allowed is 1,000 items. You're over the limit! Divide this device data into multiple .csv files. |
| wadp004 | Try that again. Something happened on our end. Waiting a bit might help. |
| wadp005 | Check your .csv file with your device provider. One of the devices on your list has been claimed by another organization. |
| wadp006 | Try that again. Something happened on our end. Waiting a bit might help. |
| wadp007 | Check the info for this device in your .csv file. The device is already registered in your organization. |
| wadp008 | The device does not meet Autopilot Deployment requirements. |
-| wadp009 | Check with your device provider for an update .csv file. The current file doesn’t work |
+| wadp009 | Check with your device provider for an update .csv file. The current file doesn't work |
| wadp010 | Try that again. Something happened on our end. Waiting a bit might help. |
\ No newline at end of file
diff --git a/store-for-business/add-unsigned-app-to-code-integrity-policy.md b/store-for-business/add-unsigned-app-to-code-integrity-policy.md
index d96d350d9d..a8b8b8d0a5 100644
--- a/store-for-business/add-unsigned-app-to-code-integrity-policy.md
+++ b/store-for-business/add-unsigned-app-to-code-integrity-policy.md
@@ -3,7 +3,6 @@ title: Add unsigned app to code integrity policy (Windows 10)
description: When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device.
ms.assetid: 580E18B1-2FFD-4EE4-8CC5-6F375BE224EA
ms.reviewer:
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store, security
@@ -18,72 +17,70 @@ ms.date: 07/21/2021
# Add unsigned app to code integrity policy
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
>
-> Following are the major changes we are making to the service:
+> Following are the major changes we are making to the service:
+>
> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download at [https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/).
-> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
-> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
+> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
+> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
>
> The following functionality will be available via these PowerShell cmdlets:
+>
> - Get a CI policy
> - Sign a CI policy
-> - Sign a catalog
+> - Sign a catalog
> - Download root cert
-> - Download history of your signing operations
+> - Download history of your signing operations
>
-> For any questions, please contact us at DGSSMigration@microsoft.com.
-
+> For any questions, please contact us at DGSSMigration@microsoft.com.
**Applies to**
-- Windows 10
+- Windows 10
When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device. Then, create the catalog files for your unsigned app, sign the catalog files, and then merge the default policy that includes your signing certificate with existing code integrity policies.
-## In this section
-- [Create a code integrity policy based on a reference device](#create-ci-policy)
-- [Create catalog files for your unsigned app](#create-catalog-files)
-- [Catalog signing with Device Guard signing portal](#catalog-signing-device-guard-portal)
+## Create a code integrity policy based on a reference device
-## Create a code integrity policy based on a reference device
To add an unsigned app to a code integrity policy, your code integrity policy must be created from golden image machine. For more information, see [Create a Device Guard code integrity policy based on a reference device](/windows/device-security/device-guard/device-guard-deployment-guide).
-## Create catalog files for your unsigned app
+## Create catalog files for your unsigned app
+
Creating catalog files starts the process for adding an unsigned app to a code integrity policy.
Before you get started, be sure to review these best practices and requirements:
-**Requirements**
+### Requirements
- You'll use Package Inspector during this process.
- Only perform this process with a code integrity policy running in audit mode. You should not perform this process on a system running an enforced Device Guard policy.
-**Best practices**
+### Best practices
- **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Microsoft Endpoint Manager in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
-- **Where to deploy code integrity policy** -- The [code integrity policy that you created](#create-ci-policy) should be deployed to the system on which you are running Package Inspector. This will ensure that the code integrity policy binaries are trusted.
+- **Where to deploy code integrity policy** -- The [code integrity policy that you created](#create-a-code-integrity-policy-based-on-a-reference-device) should be deployed to the system on which you are running Package Inspector. This will ensure that the code integrity policy binaries are trusted.
Copy the commands for each step into an elevated Windows PowerShell session. You'll use Package Inspector to find and trust all binaries in the app.
-**To create catalog files for your unsigned app**
+### To create catalog files for your unsigned app
-1. Start Package Inspector to scan the C drive.
+1. Start Package Inspector to scan the C drive.
`PackageInspector.exe Start C:`
-2. Copy the installation media to the C drive.
+2. Copy the installation media to the C drive.
Copying the installation media to the C drive ensures that Package Inspector finds and catalogs the installer. If you skip this step, the code integrity policy may trust the application to run, but not trust it to be installed.
-3. Install and start the app.
+3. Install and start the app.
All binaries that are used while Package Inspector is running will be part of the catalog files. After the installation, start the app and make sure that any product updates are installed and any downloadable content was found during the scan. Then, close and restart the app to make sure that the scan found all binaries.
-4. Stop the scan and create definition and catalog files.
+4. Stop the scan and create definition and catalog files.
After app install is complete, stop the Package Inspector scan and create catalog and definition files on your desktop.
@@ -99,17 +96,17 @@ The Package Inspector scan catalogs the hash values for each binary file that is
After you're done, the files are saved to your desktop. You still need to sign the catalog file so that it will be trusted within the code integrity policy.
-## Catalog signing with Device Guard signing portal
+## Catalog signing with Device Guard signing portal
To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business.
Catalog signing is a vital step to adding your unsigned apps to your code integrity policy.
-**To sign a catalog file with Device Guard signing portal**
+### To sign a catalog file with Device Guard signing portal
1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com).
2. Click **Settings**, click **Store settings**, and then click **Device Guard**.
-3. Click **Upload** to upload your unsigned catalog files. These are the catalog files you created earlier in [Create catalog files for your unsigned app](#create-catalog-files).
+3. Click **Upload** to upload your unsigned catalog files. These are the catalog files you created earlier in [Create catalog files for your unsigned app](#create-catalog-files-for-your-unsigned-app).
4. After the files are uploaded, click **Sign** to sign the catalog files.
5. Click Download to download each item:
- signed catalog file
diff --git a/store-for-business/app-inventory-management-microsoft-store-for-business.md b/store-for-business/app-inventory-management-microsoft-store-for-business.md
index 3eb99b3802..3555366945 100644
--- a/store-for-business/app-inventory-management-microsoft-store-for-business.md
+++ b/store-for-business/app-inventory-management-microsoft-store-for-business.md
@@ -4,7 +4,6 @@ description: You can manage all apps that you've acquired on your Apps & Softwar
ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -21,7 +20,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can manage all apps that you've acquired on your **Apps & software** page. This page shows all of the content you've acquired, including apps that from Microsoft Store, and line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Apps & software** page. On the **New LOB apps** tab, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md). The inventory page includes apps acquired by all people in your organization with the Store for Business Admin role.
diff --git a/store-for-business/apps-in-microsoft-store-for-business.md b/store-for-business/apps-in-microsoft-store-for-business.md
index 4e4499a673..f59d3fa018 100644
--- a/store-for-business/apps-in-microsoft-store-for-business.md
+++ b/store-for-business/apps-in-microsoft-store-for-business.md
@@ -4,7 +4,6 @@ description: Microsoft Store for Business has thousands of apps from many differ
ms.assetid: CC5641DA-3CEA-4950-AD81-1AF1AE876926
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -23,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education has thousands of apps from many different categories.
@@ -55,14 +54,14 @@ Line-of-business (LOB) apps are also supported using Microsoft Store. Admins can
Some apps offer you the option to make in-app purchases. In-app purchases are not currently supported for apps that are acquired through Microsoft Store and distributed to employees.
-If an employee makes an in-app purchase, they'll make it with their personal Microsoft account and pay for it with a personal payment method. The employee will own the item purchased, and it cannot be transferred to your organization’s inventory.
+If an employee makes an in-app purchase, they'll make it with their personal Microsoft account and pay for it with a personal payment method. The employee will own the item purchased, and it cannot be transferred to your organization's inventory.
## Licensing model: online and offline licenses
Microsoft Store supports two options to license apps: online and offline.
### Online licensing
-Online licensing is the default licensing model and is similar to the model used by Microsoft Store. Online licensed apps require customers and devices to connect to Microsoft Store service to acquire an app and its license. License management is enforced based on the user’s Azure AD identity and maintained by Microsoft Store as well as the management tool. By default app updates are handled by Windows Update.
+Online licensing is the default licensing model and is similar to the model used by Microsoft Store. Online licensed apps require customers and devices to connect to Microsoft Store service to acquire an app and its license. License management is enforced based on the user's Azure AD identity and maintained by Microsoft Store as well as the management tool. By default app updates are handled by Windows Update.
Distribution options for online-licensed apps include the ability to:
diff --git a/store-for-business/assign-apps-to-employees.md b/store-for-business/assign-apps-to-employees.md
index a718684e7e..7225de9903 100644
--- a/store-for-business/assign-apps-to-employees.md
+++ b/store-for-business/assign-apps-to-employees.md
@@ -4,7 +4,6 @@ description: Administrators can assign online-licensed apps to employees and stu
ms.assetid: A0DF4EC2-BE33-41E1-8832-DBB0EBECA31A
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -23,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Admins, Purchasers, and Basic Purchasers can assign online-licensed apps to employees or students in their organization.
diff --git a/store-for-business/billing-payments-overview.md b/store-for-business/billing-payments-overview.md
index add114e633..a258d9af7e 100644
--- a/store-for-business/billing-payments-overview.md
+++ b/store-for-business/billing-payments-overview.md
@@ -2,7 +2,6 @@
title: Billing and payments overview
description: Find topics about billing and payment support in Microsoft Store for Business.
keywords: billing, payment methods, invoices, credit card, debit card
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -18,7 +17,7 @@ manager: dansimp
# Billing and payments
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Access invoices and managed your payment methods.
diff --git a/store-for-business/billing-profile.md b/store-for-business/billing-profile.md
index 284e5f8a87..77f5fa0713 100644
--- a/store-for-business/billing-profile.md
+++ b/store-for-business/billing-profile.md
@@ -2,7 +2,6 @@
title: Understand billing profiles
description: Learn how billing profiles support invoices
keywords: billing profile, invoices, charges, managed charges
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -18,7 +17,7 @@ manager: dansimp
# Understand billing profiles
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
For commercial customers purchasing software or hardware products from Microsoft using a Microsoft customer agreement, billing profiles let you customize what products are included on your invoice, and how you pay your invoices.
diff --git a/store-for-business/billing-understand-your-invoice-msfb.md b/store-for-business/billing-understand-your-invoice-msfb.md
index 725ba3bd9f..d3b06dbe77 100644
--- a/store-for-business/billing-understand-your-invoice-msfb.md
+++ b/store-for-business/billing-understand-your-invoice-msfb.md
@@ -1,7 +1,6 @@
---
title: Understand your Microsoft Customer Agreement invoice
description: Learn how to read and understand your MCA bill
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -17,15 +16,15 @@ manager: dansimp
# Understand your Microsoft Customer Agreement invoice
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-The invoice provides a summary of your charges and provides instructions for payment. It’s available for
+The invoice provides a summary of your charges and provides instructions for payment. It's available for
download in the Portable Document Format (.pdf) for commercial customers from Microsoft Store for Business [Microsoft Store for Business - Invoice](https://businessstore.microsoft.com/manage/payments-billing/invoices) or can be sent via email. This article applies to invoices generated for a Microsoft Customer Agreement billing account. Check if you have a [Microsoft Customer Agreement](https://businessstore.microsoft.com/manage/organization/agreements).
## General invoice information
Invoices are your bill from Microsoft. A few things to note:
-- **Invoice schedule** - You’re invoiced on a monthly basis. You can find out which day of the month you receive invoices by checking invoice date under billing profile overview in [Microsoft Store for Business](https://businessstore.microsoft.com/manage/payments-billing/billing-profiles). Charges that occur between the end of the billing period and the invoice date are included in the next month's invoice, since they are in the next billing period. The billing period start and end dates for each invoice are listed in the invoice PDF above **Billing Summary**.
+- **Invoice schedule** - You're invoiced on a monthly basis. You can find out which day of the month you receive invoices by checking invoice date under billing profile overview in [Microsoft Store for Business](https://businessstore.microsoft.com/manage/payments-billing/billing-profiles). Charges that occur between the end of the billing period and the invoice date are included in the next month's invoice, since they are in the next billing period. The billing period start and end dates for each invoice are listed in the invoice PDF above **Billing Summary**.
- **Billing profile** - Billing profiles are created during your purchase. Invoices are created for each billing profile. Billing profiles let you customize what products are purchased, how you pay for them, and who can make purchases. For more information, see [Understand billing profiles](billing-profile.md)
- **Items included** - Your invoice includes total charges for all first and third-party software and hardware products purchased under a Microsoft Customer Agreement. That includes items purchased from Microsoft Store for Business and Azure Marketplace.
- **Charges** - Your invoice provides information about products purchased and their related charges and taxes. Purchases are aggregated to provide a concise view of your bill.
diff --git a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
index 0249a8b606..70adfcef94 100644
--- a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
+++ b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
@@ -4,7 +4,6 @@ description: For companies or organizations using mobile device management (MDM)
ms.assetid: B3A45C8C-A96C-4254-9659-A9B364784673
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -22,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Store for Business management tool services work with your third-party management tool to manage content.
diff --git a/store-for-business/device-guard-signing-portal.md b/store-for-business/device-guard-signing-portal.md
index dbccbf3bae..b74d000f43 100644
--- a/store-for-business/device-guard-signing-portal.md
+++ b/store-for-business/device-guard-signing-portal.md
@@ -4,7 +4,6 @@ description: Device Guard signing is a Device Guard feature that is available in
ms.assetid: 8D9CD2B9-5FC6-4C3D-AA96-F135AFEEBB78
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store, security
@@ -22,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
@@ -30,7 +29,7 @@ ms.date: 07/21/2021
> Following are the major changes we are making to the service:
> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
-> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
+> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
>
> The following functionality will be available via these PowerShell cmdlets:
> - Get a CI policy
diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md
index c0ccce55a6..2cc25547e0 100644
--- a/store-for-business/distribute-apps-from-your-private-store.md
+++ b/store-for-business/distribute-apps-from-your-private-store.md
@@ -4,7 +4,6 @@ description: The private store is a feature in Microsoft Store for Business and
ms.assetid: C4644035-845C-4C84-87F0-D87EA8F5BA19
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -22,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
The private store is a feature in Microsoft Store for Business and Education that organizations receive during the signup process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Microsoft Store app, and is usually named for your company or organization. Only apps with online licenses can be added to the private store.
diff --git a/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md b/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md
index 723648db24..39518d2c87 100644
--- a/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md
+++ b/store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md
@@ -4,7 +4,6 @@ description: Distribute apps to your employees from Microsoft Store for Business
ms.assetid: E591497C-6DFA-49C1-8329-4670F2164E9E
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -23,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Distribute apps to your employees from Microsoft Store for Business and Microsoft Store for Education. You can assign apps to employees, or let employees install them from your private store.
diff --git a/store-for-business/distribute-apps-with-management-tool.md b/store-for-business/distribute-apps-with-management-tool.md
index 38c26e9d99..8bde8ed28d 100644
--- a/store-for-business/distribute-apps-with-management-tool.md
+++ b/store-for-business/distribute-apps-with-management-tool.md
@@ -4,7 +4,6 @@ description: You can configure a mobile device management (MDM) tool to synchron
ms.assetid: 006F5FB1-E688-4769-BD9A-CFA6F5829016
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -23,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content.
@@ -46,7 +45,7 @@ MDM tool requirements:
## Distribute offline-licensed apps
-If your vendor doesn’t support the ability to synchronize applications from the management tool services, or can't connect to the management tool services, your vendor may support the ability to deploy offline licensed applications by downloading the application and license from the store and then deploying the app through your MDM. For more information on online and offline licensing with Store for Business, see [Apps in the Microsoft Store for Business](./apps-in-microsoft-store-for-business.md#licensing-model).
+If your vendor doesn't support the ability to synchronize applications from the management tool services, or can't connect to the management tool services, your vendor may support the ability to deploy offline licensed applications by downloading the application and license from the store and then deploying the app through your MDM. For more information on online and offline licensing with Store for Business, see [Apps in the Microsoft Store for Business](./apps-in-microsoft-store-for-business.md#licensing-model).
This diagram shows how you can use a management tool to distribute offline-licensed app to employees in your organization. Once synchronized from Store for Business, management tools can use the Windows Management framework to distribute applications to devices.
diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md
index 5ee0219d23..b1b43828f9 100644
--- a/store-for-business/distribute-offline-apps.md
+++ b/store-for-business/distribute-offline-apps.md
@@ -4,7 +4,6 @@ description: Offline licensing is a new licensing option for Windows 10.
ms.assetid: 6B9F6876-AA66-4EE4-A448-1371511AC95E
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -23,8 +22,8 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
-
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+>
Offline licensing is a new licensing option for Windows 10 with Microsoft Store for Business and Microsoft Store for Education. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. ISVs or devs can opt-in their apps for offline licensing when they submit them to the Windows Dev Center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business and Microsoft Store for Education. This model allows organizations to deploy apps when users or devices do not have connectivity to the Store.
## Why offline-licensed apps?
diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json
index 953ad15d25..9388758a6c 100644
--- a/store-for-business/docfx.json
+++ b/store-for-business/docfx.json
@@ -35,7 +35,7 @@
"breadcrumb_path": "/microsoft-store/breadcrumb/toc.json",
"ms.author": "trudyha",
"audience": "ITPro",
- "ms.technology": "windows",
+ "ms.service": "store-for-business",
"ms.topic": "article",
"ms.date": "05/09/2017",
"searchScope": [
@@ -60,7 +60,8 @@
"AngelaMotherofDragons",
"dstrome",
"v-dihans",
- "garycentric"
+ "garycentric",
+ "v-stsavell"
]
},
"fileMetadata": {},
diff --git a/store-for-business/find-and-acquire-apps-overview.md b/store-for-business/find-and-acquire-apps-overview.md
index 9a624bd3c0..0a239cee50 100644
--- a/store-for-business/find-and-acquire-apps-overview.md
+++ b/store-for-business/find-and-acquire-apps-overview.md
@@ -4,7 +4,6 @@ description: Use the Microsoft Store for Business and Education to find apps for
ms.assetid: 274A5003-5F15-4635-BB8B-953953FD209A
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -23,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization.
diff --git a/store-for-business/index.md b/store-for-business/index.md
index 83186f8f8b..82901c7ebe 100644
--- a/store-for-business/index.md
+++ b/store-for-business/index.md
@@ -2,7 +2,6 @@
title: Microsoft Store for Business and Education (Windows 10)
description: Welcome to the Microsoft Store for Business and Education. You can use Microsoft Store, to find, acquire, distribute, and manage apps for your organization or school.
ms.assetid: 527E611E-4D47-44F0-9422-DCC2D1ACBAB8
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -21,12 +20,12 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Welcome to the Microsoft Store for Business and Education! You can use Microsoft Store to find, acquire, distribute, and manage apps for your organization or school.
> [!IMPORTANT]
-> Starting April 14, 2021, all apps that charge a base price above free will no longer be available to buy in the Microsoft Store for Business and Education. If you’ve already bought a paid app, you can still use it, but no new purchases will be possible from businessstore.microsoft.com or educationstore.microsoft.com. Also, you won’t be able to buy additional licenses for apps you already bought. You can still assign and reassign licenses for apps that you already own and use the private store. Apps with a base price of “free” will still be available. This change doesn’t impact apps in the Microsoft Store on Windows 10.
+> Starting April 14, 2021, all apps that charge a base price above free will no longer be available to buy in the Microsoft Store for Business and Education. If you've already bought a paid app, you can still use it, but no new purchases will be possible from businessstore.microsoft.com or educationstore.microsoft.com. Also, you won't be able to buy additional licenses for apps you already bought. You can still assign and reassign licenses for apps that you already own and use the private store. Apps with a base price of "free" will still be available. This change doesn't impact apps in the Microsoft Store on Windows 10.
>
> Also starting April 14, 2021, you must sign in with your Azure Active Directory (Azure AD) account before you browse Microsoft Store for Business and Education.
diff --git a/store-for-business/manage-access-to-private-store.md b/store-for-business/manage-access-to-private-store.md
index 35b33daedd..84c39959bb 100644
--- a/store-for-business/manage-access-to-private-store.md
+++ b/store-for-business/manage-access-to-private-store.md
@@ -4,7 +4,6 @@ description: You can manage access to your private store in Microsoft Store for
ms.assetid: 4E00109C-2782-474D-98C0-02A05BE613A5
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -22,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education.
diff --git a/store-for-business/manage-apps-microsoft-store-for-business-overview.md b/store-for-business/manage-apps-microsoft-store-for-business-overview.md
index bc995342eb..855e3839ed 100644
--- a/store-for-business/manage-apps-microsoft-store-for-business-overview.md
+++ b/store-for-business/manage-apps-microsoft-store-for-business-overview.md
@@ -4,7 +4,6 @@ description: Manage apps, software, devices, products and services in Microsoft
ms.assetid: 2F65D4C3-B02C-41CC-92F0-5D9937228202
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -22,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Manage products and services in Microsoft Store for Business and Microsoft Store for Education. This includes apps, software, products, devices, and services available under **Products & services**.
diff --git a/store-for-business/manage-orders-microsoft-store-for-business.md b/store-for-business/manage-orders-microsoft-store-for-business.md
index 14825fb5b5..4b6f8bd99e 100644
--- a/store-for-business/manage-orders-microsoft-store-for-business.md
+++ b/store-for-business/manage-orders-microsoft-store-for-business.md
@@ -1,7 +1,6 @@
---
title: Manage app orders in Microsoft Store for Business or Microsoft Store for Education (Windows 10)
description: You can view your order history with Microsoft Store for Business or Microsoft Store for Education.
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -17,7 +16,7 @@ manager: dansimp
# Manage app orders in Microsoft Store for Business and Education
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
After you've acquired apps, you can review order information and invoices on **Order history**. On this page, you can view invoices, and request refunds.
diff --git a/store-for-business/manage-private-store-settings.md b/store-for-business/manage-private-store-settings.md
index c6c6e4564c..b7765c7ea3 100644
--- a/store-for-business/manage-private-store-settings.md
+++ b/store-for-business/manage-private-store-settings.md
@@ -4,7 +4,6 @@ description: The private store is a feature in the Microsoft Store for Business
ms.assetid: 2D501538-0C6E-4408-948A-2BF5B05F7A0C
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -22,7 +21,7 @@ ms.localizationpriority: medium
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
The private store is a feature in Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all people in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store.
diff --git a/store-for-business/manage-settings-microsoft-store-for-business.md b/store-for-business/manage-settings-microsoft-store-for-business.md
index f271481d73..37505459c3 100644
--- a/store-for-business/manage-settings-microsoft-store-for-business.md
+++ b/store-for-business/manage-settings-microsoft-store-for-business.md
@@ -4,7 +4,6 @@ description: You can add users and groups, as well as update some of the setting
ms.assetid: E3283D77-4DB2-40A9-9479-DDBC33D5A895
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -22,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant.
diff --git a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
index 5253b14c06..de70959d59 100644
--- a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
+++ b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
@@ -4,7 +4,6 @@ description: Microsoft Store for Business and Microsoft Store for Education mana
ms.assetid: 5E7FA071-CABD-4ACA-8AAE-F549EFCE922F
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -23,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education manages permissions with a set of roles. Currently, you can [assign these roles to individuals in your organization](roles-and-permissions-microsoft-store-for-business.md), but not to groups.
diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md
index fd4d4e8c20..a5149c0b1e 100644
--- a/store-for-business/microsoft-store-for-business-education-powershell-module.md
+++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md
@@ -1,7 +1,6 @@
---
title: Microsoft Store for Business and Education PowerShell module - preview
description: Preview version of PowerShell module
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -20,7 +19,7 @@ manager: dansimp
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education PowerShell module (preview) is now available on [PowerShell Gallery](https://go.microsoft.com/fwlink/?linkid=853459).
@@ -129,7 +128,7 @@ Remove-MSStoreSeatAssignment -ProductId 9NBLGGH4R2R6 -SkuId 0016 -Username 'user
```
## Assign or reclaim a product with a .csv file
-You can also use the PowerShell module to perform bulk operations on items in **Product and Services**. You'll need a .CSV file with at least one column for “Principal Names” (for example, user@host.com). You can create such a CSV using the AzureAD PowerShell Module.
+You can also use the PowerShell module to perform bulk operations on items in **Product and Services**. You'll need a .CSV file with at least one column for "Principal Names" (for example, user@host.com). You can create such a CSV using the AzureAD PowerShell Module.
**To assign or reclaim seats in bulk:**
diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md
index a3cab33039..6516ad323c 100644
--- a/store-for-business/microsoft-store-for-business-overview.md
+++ b/store-for-business/microsoft-store-for-business-overview.md
@@ -3,7 +3,6 @@ title: Microsoft Store for Business and Microsoft Store for Education overview (
description: With Microsoft Store for Business and Microsoft Store for Education, organizations and schools can make volume purchases of Windows apps.
ms.assetid: 9DA71F6B-654D-4121-9A40-D473CC654A1C
ms.reviewer:
-ms.prod: w10
ms.pagetype: store
ms.mktglfcycl: manage
ms.sitesec: library
@@ -19,10 +18,10 @@ ms.date: 07/21/2021
**Applies to**
-- Windows 10
+- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
@@ -42,7 +41,7 @@ Organizations or schools of any size can benefit from using Microsoft Store for
- **Microsoft Store for Education** – Apps acquired from Microsoft Store for Education
- **Office 365** – Subscriptions
- **Volume licensing** - Apps purchased with volume licensing
-- **Private store** - Create a private store for your business that’s easily available from any Windows 10 device. Your private store is available from Microsoft Store on Windows 10, or with a browser on the Web. People in your organization can download apps from your organization's private store on Windows 10 devices.
+- **Private store** - Create a private store for your business that's easily available from any Windows 10 device. Your private store is available from Microsoft Store on Windows 10, or with a browser on the Web. People in your organization can download apps from your organization's private store on Windows 10 devices.
- **Flexible distribution options** - Flexible options for distributing content and apps to your employee devices:
- Distribute through Microsoft Store services. You can assign apps to individual employees, or make apps available to all employees in your private store.
- Use a management tool from Microsoft, or a 3rd-party tool for advanced distribution and management functions, or for managing images.
@@ -68,7 +67,7 @@ Microsoft Azure Active Directory (AD) accounts for your employees:
- Employees need Azure AD account when they access Store for Business content from Windows devices.
- If you use a management tool to distribute and manage online-licensed apps, all employees will need an Azure AD account
- For offline-licensed apps, Azure AD accounts are not required for employees.
-- Admins can add or remove user accounts in the Microsoft 365 admin center, even if you don’t have an Office 365 subscription. You can access the Office 365 admin portal directly from the Store for Business and Education.
+- Admins can add or remove user accounts in the Microsoft 365 admin center, even if you don't have an Office 365 subscription. You can access the Office 365 admin portal directly from the Store for Business and Education.
For more information on Azure AD, see [About Office 365 and Azure Active Directory](/previous-versions//dn509517(v=technet.10)), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611).
@@ -83,7 +82,7 @@ While not required, you can use a management tool to distribute and manage apps.
## Sign up!
-The first step for getting your organization started with Store for Business and Education is signing up. Sign up using an existing account (the same one you use for Office 365, Dynamics 365, Intune, Azure, etc.) or we’ll quickly create an account for you. You must be a Global Administrator for your organization.
+The first step for getting your organization started with Store for Business and Education is signing up. Sign up using an existing account (the same one you use for Office 365, Dynamics 365, Intune, Azure, etc.) or we'll quickly create an account for you. You must be a Global Administrator for your organization.
## Set up
@@ -101,7 +100,7 @@ After your admin signs up for the Store for Business and Education, they can ass
In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](manage-users-and-groups-microsoft-store-for-business.md).
-Also, if your organization plans to use a management tool, you’ll need to configure your management tool to sync with Store for Business and Education.
+Also, if your organization plans to use a management tool, you'll need to configure your management tool to sync with Store for Business and Education.
## Get apps and content
@@ -128,7 +127,7 @@ App distribution is handled through two channels, either through the Microsoft S
**Distribute with Store for Business and Education**:
- Email link – After purchasing an app, Admins can send employees a link in an email message. Employees can click the link to install the app.
-- Curate private store for all employees – A private store can include content you’ve purchased from Microsoft Store for Business, and your line-of-business apps that you’ve submitted to Microsoft Store for Business. Apps in your private store are available to all of your employees. They can browse the private store and install apps when needed.
+- Curate private store for all employees – A private store can include content you've purchased from Microsoft Store for Business, and your line-of-business apps that you've submitted to Microsoft Store for Business. Apps in your private store are available to all of your employees. They can browse the private store and install apps when needed.
- To use the options above users must be signed in with an Azure AD account on a Windows 10 device. Licenses are assigned as individuals install apps.
**Using a management tool** – For larger organizations that want a greater level of control over how apps are distributed and managed, a management tools provides other distribution options:
diff --git a/store-for-business/notifications-microsoft-store-business.md b/store-for-business/notifications-microsoft-store-business.md
index dd8d1a7d29..548f8ecce0 100644
--- a/store-for-business/notifications-microsoft-store-business.md
+++ b/store-for-business/notifications-microsoft-store-business.md
@@ -5,7 +5,6 @@ keywords: notifications, alerts
ms.assetid:
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -24,7 +23,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Microsoft Store for Education use a set of notifications to alert admins if there is an issue or outage with Microsoft Store.
@@ -32,9 +31,9 @@ Microsoft Store for Business and Microsoft Store for Education use a set of noti
| Store area | Notification message | Customer impact |
| ---------- | -------------------- | --------------- |
-| General | We’re on it. Something happened on our end with the Store. Waiting a bit might help. | You might be unable to sign in. There might be an intermittent Azure AD outage. |
-| Manage | We’re on it. Something happened on our end with management for apps and software. We’re working to fix the problem. | You might be unable to manage inventory, including viewing inventory, distributing apps, assigning licenses, or viewing and managing order history. |
-| Shop | We’re on it. Something happened on our end with purchasing. We’re working to fix the problem. | Shop might not be available. You might not be able to purchase new, or additional licenses. |
-| Private store | We’re on it. Something happened on our end with your organization’s private store. People in your organization can’t download apps right now. We’re working to fix the problem. | People in your organization might not be able to view the private store, or get apps. |
-| Acquisition and licensing | We’re on it. People in your org might not be able to install or use certain apps. We’re working to fix the problem. | People in your org might not be able to claim a license from your private store. |
-| Partner | We’re on it. Something happened on our end with Find a Partner. We’re working to fix the problem. | You might not be able to search for a partner. |
+| General | We're on it. Something happened on our end with the Store. Waiting a bit might help. | You might be unable to sign in. There might be an intermittent Azure AD outage. |
+| Manage | We're on it. Something happened on our end with management for apps and software. We're working to fix the problem. | You might be unable to manage inventory, including viewing inventory, distributing apps, assigning licenses, or viewing and managing order history. |
+| Shop | We're on it. Something happened on our end with purchasing. We're working to fix the problem. | Shop might not be available. You might not be able to purchase new, or additional licenses. |
+| Private store | We're on it. Something happened on our end with your organization's private store. People in your organization can't download apps right now. We're working to fix the problem. | People in your organization might not be able to view the private store, or get apps. |
+| Acquisition and licensing | We're on it. People in your org might not be able to install or use certain apps. We're working to fix the problem. | People in your org might not be able to claim a license from your private store. |
+| Partner | We're on it. Something happened on our end with Find a Partner. We're working to fix the problem. | You might not be able to search for a partner. |
diff --git a/store-for-business/payment-methods.md b/store-for-business/payment-methods.md
index 43f09a403e..b0d445d780 100644
--- a/store-for-business/payment-methods.md
+++ b/store-for-business/payment-methods.md
@@ -2,7 +2,6 @@
title: Payment methods for commercial customers
description: Learn what payment methods are available in Store for Business and M365 admin center
keywords: payment method, credit card, debit card, add credit card, update payment method
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -18,7 +17,7 @@ manager: dansimp
# Payment methods
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
You can purchase products and services from Microsoft Store for Business using your credit card. You can enter your credit card information on **Payment methods**, or when you purchase an app. We currently accept these credit cards:
- VISA
@@ -54,4 +53,4 @@ Once you select **Add**, the information you provided will be validated with a t
Once you click **Update**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems.
> [!NOTE]
-> Certain actions, like updating or adding a payment option, require temporary “test authorization” transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance.
+> Certain actions, like updating or adding a payment option, require temporary "test authorization" transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance.
diff --git a/store-for-business/prerequisites-microsoft-store-for-business.md b/store-for-business/prerequisites-microsoft-store-for-business.md
index 2b8ea7784d..59d4c2b19b 100644
--- a/store-for-business/prerequisites-microsoft-store-for-business.md
+++ b/store-for-business/prerequisites-microsoft-store-for-business.md
@@ -3,7 +3,6 @@ title: Prerequisites for Microsoft Store for Business and Education (Windows 10)
description: There are a few prerequisites for using Microsoft Store for Business or Microsoft Store for Education.
ms.assetid: CEBC6870-FFDD-48AD-8650-8B0DC6B2651D
ms.reviewer:
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -22,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md
index a4f1f93a78..5d9ea05e6c 100644
--- a/store-for-business/release-history-microsoft-store-business-education.md
+++ b/store-for-business/release-history-microsoft-store-business-education.md
@@ -1,7 +1,6 @@
---
title: Microsoft Store for Business and Education release history
description: Know the release history of Microsoft Store for Business and Microsoft Store for Education.
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -16,7 +15,7 @@ manager: dansimp
# Microsoft Store for Business and Education release history
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases.
@@ -39,13 +38,13 @@ Looking for info on the latest release? Check out [What's new in Microsoft Store
- **Immersive Reader app available in Microsoft Store for Education** - This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it.
## April 2018
-- **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We’ll figure out who’s in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we’ll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.
+- **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We'll figure out who's in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we'll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.
- **Change collection order in private store** - Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections.
- **Office 365 subscription management** - We know that sometimes customers need to cancel a subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period.
## March 2018
- **Performance improvements in private store** - We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. [Get more info](./manage-private-store-settings.md#private-store-performance)
-- **Private store collection updates** - We’ve made it easier to find apps when creating private store collections – now you can search and filter results.
+- **Private store collection updates** - We've made it easier to find apps when creating private store collections – now you can search and filter results.
[Get more info](./manage-private-store-settings.md#private-store-collections)
- **Manage Skype Communication credits** - Office 365 customers that own Skype Communication Credits can now see and manage them in Microsoft Store for Business. You can view your account, add funds to your account, and manage auto-recharge settings.
- **Upgrade Microsoft 365 trial subscription** - Customers with Office 365 can upgrade their subscription and automatically re-assign their user licenses over to a new target subscription. For example, you could upgrade your Office 365 for business subscription to a Microsoft 365 for business subscription.
diff --git a/store-for-business/roles-and-permissions-microsoft-store-for-business.md b/store-for-business/roles-and-permissions-microsoft-store-for-business.md
index d04d9e5277..6b9ac86995 100644
--- a/store-for-business/roles-and-permissions-microsoft-store-for-business.md
+++ b/store-for-business/roles-and-permissions-microsoft-store-for-business.md
@@ -4,7 +4,6 @@ description: The first person to sign in to Microsoft Store for Business or Micr
keywords: roles, permissions
ms.assetid: CB6281E1-37B1-4B8B-991D-BC5ED361F1EE
ms.reviewer:
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -23,7 +22,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
diff --git a/store-for-business/settings-reference-microsoft-store-for-business.md b/store-for-business/settings-reference-microsoft-store-for-business.md
index 442ff303d1..4a44723dd6 100644
--- a/store-for-business/settings-reference-microsoft-store-for-business.md
+++ b/store-for-business/settings-reference-microsoft-store-for-business.md
@@ -4,7 +4,6 @@ description: The Microsoft Store for Business and Education has a group of setti
ms.assetid: 34F7FA2B-B848-454B-AC00-ECA49D87B678
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -18,7 +17,7 @@ ms.date: 07/21/2021
# Settings reference: Microsoft Store for Business and Education
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
The Microsoft Store for Business and Education has a group of settings that admins use to manage the store.
diff --git a/store-for-business/sfb-change-history.md b/store-for-business/sfb-change-history.md
index 08e7950bb0..0bd887f0d4 100644
--- a/store-for-business/sfb-change-history.md
+++ b/store-for-business/sfb-change-history.md
@@ -1,7 +1,6 @@
---
title: Change history for Microsoft Store for Business and Education
description: Summary of topic changes for Microsoft Store for Business and Microsoft Store for Education.
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
diff --git a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
index d7f05fb986..f9fdb79f49 100644
--- a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
+++ b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
@@ -4,7 +4,6 @@ description: Signing code integrity policies prevents policies from being tamper
ms.assetid: 63B56B8B-2A40-44B5-B100-DC50C43D20A9
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store, security
@@ -18,7 +17,7 @@ ms.date: 07/21/2021
# Sign code integrity policy with Device Guard signing
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
> [!IMPORTANT]
@@ -27,7 +26,7 @@ ms.date: 07/21/2021
> Following are the major changes we are making to the service:
> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
-> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
+> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download). Note that the certificate used to sign a file can be easily extracted from the signed file itself. As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
>
> The following functionality will be available via these PowerShell cmdlets:
> - Get a CI policy
diff --git a/store-for-business/sign-up-microsoft-store-for-business-overview.md b/store-for-business/sign-up-microsoft-store-for-business-overview.md
index c51e8f7899..32cdba4b8f 100644
--- a/store-for-business/sign-up-microsoft-store-for-business-overview.md
+++ b/store-for-business/sign-up-microsoft-store-for-business-overview.md
@@ -3,7 +3,6 @@ title: Sign up and get started (Windows 10)
description: IT admins can sign up for the Microsoft Store for Business or Microsoft Store for Education and get started working with apps.
ms.assetid: 87C6FA60-3AB9-4152-A85C-6A1588A20C7B
ms.reviewer:
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -22,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps.
diff --git a/store-for-business/troubleshoot-microsoft-store-for-business.md b/store-for-business/troubleshoot-microsoft-store-for-business.md
index febe7110b0..074a34eb0f 100644
--- a/store-for-business/troubleshoot-microsoft-store-for-business.md
+++ b/store-for-business/troubleshoot-microsoft-store-for-business.md
@@ -4,7 +4,6 @@ description: Troubleshooting topics for Microsoft Store for Business.
ms.assetid: 243755A3-9B20-4032-9A77-2207320A242A
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -22,7 +21,7 @@ ms.date: 07/21/2021
- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Troubleshooting topics for Microsoft Store for Business.
diff --git a/store-for-business/update-microsoft-store-for-business-account-settings.md b/store-for-business/update-microsoft-store-for-business-account-settings.md
index edc1a362da..b277705e60 100644
--- a/store-for-business/update-microsoft-store-for-business-account-settings.md
+++ b/store-for-business/update-microsoft-store-for-business-account-settings.md
@@ -2,7 +2,6 @@
title: Update your Billing account settings
description: The billing account page in Microsoft Store for Business and Microsoft Store for Education, and M365 admin center shows information about your organization that you can update, including country or region, organization contact info, agreements with Microsoft and admin approvals.
keywords: billing accounts, organization info
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -18,7 +17,7 @@ manager: dansimp
# Update Billing account settings
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
A billing account contains defining information about your organization.
@@ -35,9 +34,9 @@ We need your business address, email contact, and tax-exemption certificates tha
Before purchasing apps that have a fee, you need to add or update your organization's business address, contact email address, and contact name.
-We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we’ll use the same address in Microsoft Store for Business and Microsoft Store for Education. If we don’t have an address, we’ll ask you to enter it during your first purchase.
+We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we'll use the same address in Microsoft Store for Business and Microsoft Store for Education. If we don't have an address, we'll ask you to enter it during your first purchase.
-We need an email address in case we need to contact you about your Microsoft Store for Business and for Education account. This email account should reach the admin for your organization’s Office 365 or Azure AD tenant that is used with Microsoft Store.
+We need an email address in case we need to contact you about your Microsoft Store for Business and for Education account. This email account should reach the admin for your organization's Office 365 or Azure AD tenant that is used with Microsoft Store.
**To update billing account information**
1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com)
@@ -100,7 +99,7 @@ If you qualify for tax-exempt status in your market, start a service request to
1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com).
2. Select **Manage**, click **Support**, and then under **Store settings & configuration** select **Create technical support ticket**.
-You’ll need this documentation:
+You'll need this documentation:
|Country or locale | Documentation |
|------------------|----------------|
diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md
index 4b0cd1e47d..ee29b9c93f 100644
--- a/store-for-business/whats-new-microsoft-store-business-education.md
+++ b/store-for-business/whats-new-microsoft-store-business-education.md
@@ -1,7 +1,6 @@
---
title: Whats new in Microsoft Store for Business and Education
description: Learn about newest features in Microsoft Store for Business and Microsoft Store for Education.
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -16,7 +15,7 @@ manager: dansimp
# What's new in Microsoft Store for Business and Education
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Microsoft Store for Business and Education regularly releases new and improved features.
@@ -35,13 +34,13 @@ Microsoft Store for Business and Education regularly releases new and improved f
## Previous releases and updates
@@ -97,4 +96,4 @@ We’ve been working on bug fixes and performance improvements to provide you a
- Manage prepaid Office 365 subscriptions
- Manage Office 365 subscriptions acquired by partners
- Edge extensions in Microsoft Store
-- Search results in Microsoft Store for Business
\ No newline at end of file
+- Search results in Microsoft Store for Business
diff --git a/store-for-business/working-with-line-of-business-apps.md b/store-for-business/working-with-line-of-business-apps.md
index 9478fd004c..92b489f6ab 100644
--- a/store-for-business/working-with-line-of-business-apps.md
+++ b/store-for-business/working-with-line-of-business-apps.md
@@ -4,7 +4,6 @@ description: Your company or school can make line-of-business (LOB) applications
ms.assetid: 95EB7085-335A-447B-84BA-39C26AEB5AC7
ms.reviewer:
manager: dansimp
-ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
@@ -19,89 +18,93 @@ ms.date: 07/21/2021
**Applies to**
-- Windows 10
+- Windows 10
> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your school or organization – they might be internal apps, or apps specific to your school, business, or industry.
Developers within your organization, or ISVs that you invite, can become LOB publishers and submit apps to Microsoft Store for your company or school. Once an LOB publisher submits an app for your company, the app is only available to your company. LOB publishers submit apps through the Windows Dev Center using the same process as all apps that are in Microsoft Store, and then can be managed or deployed using the same process as any other app that has been acquired through Microsoft Store.
-One advantage of making apps available through Microsoft Store for Business is that the app has been signed by Microsoft Store, and uses the standard Microsoft Store policies. For organizations that can’t submit their application through the Windows Dev Center (for example, those needing additional capabilities or due to compliance purposes), [Sideloading](/windows/application-management/sideload-apps-in-windows-10) is also supported on Windows 10.
+One advantage of making apps available through Microsoft Store for Business is that the app has been signed by Microsoft Store, and uses the standard Microsoft Store policies. For organizations that can't submit their application through the Windows Dev Center (for example, those needing additional capabilities or due to compliance purposes), [Sideloading](/windows/application-management/sideload-apps-in-windows-10) is also supported on Windows 10.
-## Adding LOB apps to your private store
+## Adding LOB apps to your private store
Admins and ISVs each own different parts of the process for getting LOB apps created, submitted, and deployed to your employees or students. Admins use Microsoft Store for Business or Microsoft Store for Education portal; ISVs or devs use the Windows Dev center on MSDN.
-Here’s what’s involved:
-- Microsoft Store for Business admin invites a developer or ISV to become an LOB publisher for your company.
-- LOB publisher develops and submits app to Microsoft Store, tagging the app so it is only available to your company.
-- Microsoft Store for Business admin accepts the app and can distribute the app to employees in your company.
+Here's what's involved:
+
+- Microsoft Store for Business admin invites a developer or ISV to become an LOB publisher for your company.
+- LOB publisher develops and submits app to Microsoft Store, tagging the app so it is only available to your company.
+- Microsoft Store for Business admin accepts the app and can distribute the app to employees in your company.
You'll need to set up:
-- Your company needs to be signed up with Microsoft Store for Business or Microsoft Store for Education.
-- LOB publishers need to have an active developer account. To learn more about account options, see [Ready to sign up](https://go.microsoft.com/fwlink/p/?LinkId=623432).
-- LOB publishers need to have an app in Microsoft Store, or have an app ready to submit to the Store.
+
+- Your company needs to be signed up with Microsoft Store for Business or Microsoft Store for Education.
+- LOB publishers need to have an active developer account. To learn more about account options, see [Ready to sign up](https://go.microsoft.com/fwlink/p/?LinkId=623432).
+- LOB publishers need to have an app in Microsoft Store, or have an app ready to submit to the Store.
The process and timing look like this:
-## Add an LOB publisher (Admin)
+## Add an LOB publisher (Admin)
+
Admins need to invite developer or ISVs to become an LOB publisher.
-**To invite a developer to become an LOB publisher**
+### To invite a developer to become an LOB publisher
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com).
2. Click **Manage**, click **Permissions**, and then choose **Line-of-business publishers**.
3. On the Line-of business publishers page, click **Invite** to send an email invitation to a developer.
-
+
>[!Note]
> This needs to be the email address listed in contact info for the developer account.
-## Submit apps (LOB publisher)
+## Submit apps (LOB publisher)
The developer receives an email invite to become an LOB publisher for your company. Once they accept the invite, they can log in to the Windows Dev Center to create an app submission for your company. The info here assumes that devs or ISVs have an active developer account.
After an app is published and available in the Store, ISVs publish an updated version by creating another submission in their dashboard. Creating a new submission allows the ISV to make the changes required to create a LOB app for your company. To learn more about updates to an app submission, see [App submissions](/windows/uwp/publish/app-submissions) and [Distributing LOB apps to enterprises](/windows/uwp/publish/distribute-lob-apps-to-enterprises).
-**To create a new submission for an app**
+## To create a new submission for an app
-1. Sign in to the [Windows Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=623486), go to your Dashboard, and click the app you want to make available as an LOB app.
-2. On the App overview page, under **Action**, click **Update**.
+1. Sign in to the [Windows Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=623486), go to your Dashboard, and click the app you want to make available as an LOB app.
+2. On the App overview page, under **Action**, click **Update**.
-OR-
Submit your app following the guidelines in [App submissions](/windows/uwp/publish/app-submissions). Be sure to completed steps 3 and 4 when you set app pricing and availability options.
-3. On the **Pricing and availability** page, under **Distribution and visibility**, click **Line-of-business (LOB) distribution**, and then choose the enterprise(s) who will get the LOB app. No one else will have access to the app.
-4. Under **Organizational licensing**, click **Show options**.
+3. On the **Pricing and availability** page, under **Distribution and visibility**, click **Line-of-business (LOB) distribution**, and then choose the enterprise(s) who will get the LOB app. No one else will have access to the app.
+4. Under **Organizational licensing**, click **Show options**.
Organizational licensing options apply to all apps, not just LOB apps:
- - **Store-managed (online) volume licensing** - This is required. You must select this item to make your app available as an a LOB app. By default, it will be selected. This won't make the app available to anyone outside of the enterprise(s) that you selected in **Distribution and visibility**.
+ - **Store-managed (online) volume licensing** - This is required. You must select this item to make your app available as an a LOB app. By default, it will be selected. This won't make the app available to anyone outside of the enterprise(s) that you selected in **Distribution and visibility**.
- - **Disconnected (offline) licensing** - This is optional for LOB apps.
+ - **Disconnected (offline) licensing** - This is optional for LOB apps.
-5. Click **Save** to save your changes and start the app submission process.
+5. Click **Save** to save your changes and start the app submission process.
+
+For more information, see [Organizational licensing options]( https://go.microsoft.com/fwlink/p/?LinkId=708615) and [Distributing LOB apps to enterprises](/windows/uwp/publish/distribute-lob-apps-to-enterprises).
-For more information, see [Organizational licensing options]( https://go.microsoft.com/fwlink/p/?LinkId=708615) and [Distributing LOB apps to enterprises](/windows/uwp/publish/distribute-lob-apps-to-enterprises).
-
>[!Note]
> In order to get the LOB app, the organization must be located in a [supported market](./microsoft-store-for-business-overview.md#supported-markets), and you must not have excluded that market when submitting your app.
-## Add app to inventory (admin)
+## Add app to inventory (admin)
After an ISV submits the LOB app for your company or school, someone with Microsoft Store for Business and Education admin permissions needs to accept the app.
-**To add the LOB app to your inventory**
+### To add the LOB app to your inventory
-1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com).
-2. Click **Manage**, click **Products & services**, and then choose **New LOB apps**.
-3. Click the ellipses under **Action** for the app you want to add to your inventory, and then choose **Add to inventory**.
+1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com).
+2. Click **Manage**, click **Products & services**, and then choose **New LOB apps**.
+3. Click the ellipses under **Action** for the app you want to add to your inventory, and then choose **Add to inventory**.
After you add the app to your inventory, you can choose how to distribute the app. For more information, see:
-- [Distribute apps to your employees from the Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md)
-- [Distribute apps from your private store](distribute-apps-from-your-private-store.md)
-- [Assign apps to employees](assign-apps-to-employees.md)
-- [Distribute offline apps](distribute-offline-apps.md)
\ No newline at end of file
+
+- [Distribute apps to your employees from the Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md)
+- [Distribute apps from your private store](distribute-apps-from-your-private-store.md)
+- [Assign apps to employees](assign-apps-to-employees.md)
+- [Distribute offline apps](distribute-offline-apps.md)
diff --git a/template.md b/template.md
index 84c08cc7de..6049d2ff6d 100644
--- a/template.md
+++ b/template.md
@@ -2,17 +2,17 @@
title: # ARTICLE TITLE in 55 chars or less, most important for SEO. Best to match H1 and TOC, but doesn't have to.
description: # A summary of the content. 75-300 characters. Used in site search. Sometimes used on a search engine results page for improved SEO. Always end with period.
ms.date: mm/dd/yyyy
-ms.prod: windows
-ms.technology: windows #more to come...
+ms.prod: windows-client
+ms.technology: itpro-fundamentals # itpro-deploy itpro-updates itpro-apps itpro-manage itpro-configure itpro-security itpro-privacy itpro-edu
ms.topic: conceptual #reference troubleshooting how-to end-user-help overview (more in contrib guide)
ms.localizationpriority: medium #high null
author: # GitHub username (aczechowski)
ms.author: # MS alias (aaroncz)
-ms.reviewer: # MS alias of feature PM, optional
-manager: # MS alias of manager (dougeby)
+ms.reviewer: # MS alias of feature PM, optional. comma-separated multivalue
+manager: # MS alias of manager (dougeby/aaroncz)
ms.collection: # optional
-- # highpri - high priority, strategic, important, current, etc. articles
-- # openauth - the article is owned by PM or community for open authoring
+- # highpri - high priority, strategic, important, current, etc. articles (confirm with manager prior to use)
+- # education - part of M365 for Education vertical
---
# Metadata and Markdown Template
@@ -28,7 +28,7 @@ When you create a new markdown file article, **Save as** this template to a new
## Metadata
-The full metadata block is above the markdown between the `---` lines. For more information, see [Metadata attributes](https://review.docs.microsoft.com/en-us/help/contribute/metadata-attributes?branch=main) in the contributor guide. Some key notes:
+The full metadata block is above the markdown between the `---` lines. For more information, see [Metadata for Magic content](https://review.learn.microsoft.com/office-authoring-guide/metadata-for-content-on-docs?branch=main) and [Metadata attributes](https://review.learn.microsoft.com/help/platform/metadata-all-attributes?branch=main) in the contributor guide. Some key notes:
- You _must_ have a space between the colon (`:`) and the value for a metadata element.
@@ -40,22 +40,23 @@ The full metadata block is above the markdown between the `---` lines. For more
- Don't end with a period.
- Use Microsoft style _sentence case_.
- The title can match the H1 heading (`#`) and the name in the toc.yml, but doesn't have to.
- - It should be roughly 55 characters or less for best search engine optimization (SEO).
+ - It should be roughly 60-65 characters or less for best search engine optimization (SEO). NOTE that the length also includes any titleSuffix value, which is configured for every docset in docfx.json.
- `description`: Summarize the content, shows in search engine results. 75-300 characters. Always end with a period.
-- `ms.date`: After you Save As this template to the target file, with the Docs Authoring Pack extension installed, right-click anywhere in the .md file to **Update `ms.date` metadata value** and save the file.
+- `ms.date`: After you Save As this template to the target file, with the Docs Authoring Pack extension installed, right-click anywhere in the .md file to **Update `ms.date` metadata value** and save the file. This value is useful for when someone last reviewed the article (not just made any edit/commit).
-- `author`: The author field contains the **Github username** of the author.
+- `author`: The author field contains the **Github username** of the author (single-value).
- This value is used in GitHub notifications, assignments, and other build automation in both the private and public repositories.
- It's also used to display the first (left-most) contributor in the published article.
-- `ms.author` & `manager`: Microsoft aliases. ms.author and author are typically the same.
- - `ms.reviewer`: Optionally can specify the name of the PM associated with the article. Just for reference, not currently used by any automation.
+- `ms.author` & `manager`: Microsoft aliases (single-value). ms.author and author are typically the same.
-- `ms.prod`: Should always be `windows` for Windows content. (Some older articles still use `w10` and `w11`.)
+- `ms.reviewer`: Optionally can specify the name of the PM associated with the article. Just for reference, not currently used by any automation. Single or multi-value.
-- `ms.technology`: Select one of the options based on the feature area. Currently the only option is `windows`.
+- `ms.prod`: Should always be `windows-client` for Windows content.
+
+- `ms.technology`: Select one of the options based on the feature area. (single-value)
- `ms.topic`: Select one of the options based on the content type. This attribute is used in calculating content health (different content types are used differently by customers, so have different metrics).
@@ -65,7 +66,7 @@ The full metadata block is above the markdown between the `---` lines. For more
All basic and Github-flavored markdown (GFM) is supported. For more information, see the following articles:
-- [Docs Markdown reference in the Contributor Guide](https://review.docs.microsoft.com/help/contribute/markdown-reference?branch=main)
+- [Docs Markdown reference in the Contributor Guide](https://review.learn.microsoft.com/help/contribute/markdown-reference?branch=main)
- [Baseline markdown syntax](https://daringfireball.net/projects/markdown/syntax)
- [Github-flavored markdown (GFM) documentation](https://docs.github.com/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax)
@@ -79,7 +80,7 @@ Second-level headings (`##`, also known as H2) generate the on-page TOC that app
Limit the length of second-level headings to avoid excessive line wraps.
-Make sure _all_ headings of any level have a unique name for the article. The build creates an anchor for all headings on the page using kebab formatting. For example, from the [Docs Markdown reference](https://review.docs.microsoft.com/help/contribute/markdown-reference?branch=main) article, the heading **Alerts (Note, Tip, Important, Caution, Warning)** becomes the anchor `#alerts-note-tip-important-caution-warning`. If there are duplicate headings, then the anchors don't behave properly. This behavior also applies when using include files, make sure the headings are unique across the main markdown file, and all include markdown files.
+Make sure _all_ headings of any level have a unique name for the article. The build creates an anchor for all headings on the page using kebab formatting. For example, from the [Docs Markdown reference](https://review.learn.microsoft.com/help/contribute/markdown-reference?branch=main) article, the heading **Alerts (Note, Tip, Important, Caution, Warning)** becomes the anchor `#alerts-note-tip-important-caution-warning`. If there are duplicate headings, then the anchors don't behave properly. This behavior also applies when using include files, make sure the headings are unique across the main markdown file, and all include markdown files.
Don't skip levels. For example, don't have an H3 (`###`) without a parent H2 (`##`).
@@ -111,7 +112,7 @@ _Italics_ (a single asterisk (`*`) also works, but the underscore (`_`) helps di
>
> It supports headings in the current and other files too! (Just not the custom `bkmk` anchors that are sometimes used in this content.)
-For more information, see [Add links to articles](https://review.docs.microsoft.com/help/contribute/links-how-to?branch=main) in the contributor guide.
+For more information, see [Add links to articles](https://review.learn.microsoft.com/help/contribute/links-how-to?branch=main) in the contributor guide.
### Article in the same repo
@@ -149,7 +150,7 @@ There's a broken link report that runs once a week in the build system, get the
Don't use URL shorteners like `go.microsoft.com/fwlink` or `aka.ms`. Include the full URL to the target.
-For more information, see [Add links to articles](https://review.docs.microsoft.com/help/contribute/links-how-to?branch=main) in the contributor guide.
+For more information, see [Add links to articles](https://review.learn.microsoft.com/help/contribute/links-how-to?branch=main) in the contributor guide.
## Lists
@@ -289,4 +290,4 @@ Always include alt text for accessibility, and always end it with a period.
## docs.ms extensions
> [!div class="nextstepaction"]
-> [Next step action](/mem/configmgr)
+> [Microsoft Endpoint Configuration Manager documentation](https://learn.microsoft.com/mem/configmgr)
diff --git a/windows/access-protection/docfx.json b/windows/access-protection/docfx.json
deleted file mode 100644
index 35b82f4d89..0000000000
--- a/windows/access-protection/docfx.json
+++ /dev/null
@@ -1,61 +0,0 @@
-{
- "build": {
- "content": [
- {
- "files": [
- "**/*.md",
- "**/*.yml"
- ],
- "exclude": [
- "**/obj/**",
- "**/includes/**",
- "README.md",
- "LICENSE",
- "LICENSE-CODE",
- "ThirdPartyNotices"
- ]
- }
- ],
- "resource": [
- {
- "files": [
- "**/*.png",
- "**/*.jpg",
- "**/*.gif"
- ],
- "exclude": [
- "**/obj/**",
- "**/includes/**"
- ]
- }
- ],
- "overwrite": [],
- "externalReference": [],
- "globalMetadata": {
- "recommendations": true,
- "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
- "ms.technology": "windows",
- "audience": "ITPro",
- "ms.topic": "article",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "MSDN.win-access-protection",
- "folder_relative_path_in_docset": "./"
- }
- },
- "contributors_to_exclude": [
- "rjagiewich",
- "traya1",
- "rmca14",
- "claydetels19",
- "jborsecnik",
- "tiburd",
- "garycentric"
- ]
- },
- "fileMetadata": {},
- "template": [],
- "dest": "win-access-protection",
- "markdownEngineName": "markdig"
- }
-}
diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md
index a625c4f1c7..96f2e3ec05 100644
--- a/windows/application-management/add-apps-and-features.md
+++ b/windows/application-management/add-apps-and-features.md
@@ -1,7 +1,7 @@
---
title: Add or hide optional apps and features on Windows devices | Microsoft Docs
description: Learn how to add Windows 10 and Windows 11 optional features using the Apps & features page in the Settings app. Also see the group policy objects (GPO) and MDM policies that show or hide Apps and Windows Features in the Settings app. Use Windows PowerShell to show or hide specific features in Windows Features.
-ms.prod: w10
+ms.prod: windows-client
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
@@ -9,7 +9,7 @@ ms.localizationpriority: medium
ms.date: 08/30/2021
ms.reviewer:
ms.topic: article
-ms.collection: highpri
+ms.technology: itpro-apps
---
# Add or hide features on the Windows client OS
diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md
index 3c080dc8c9..cc656aafd4 100644
--- a/windows/application-management/app-v/appv-about-appv.md
+++ b/windows/application-management/app-v/appv-about-appv.md
@@ -1,13 +1,14 @@
---
title: What's new in App-V for Windows 10, version 1703 and earlier (Windows 10)
-description: Information about what's new in App-V for Windows 10, version 1703 and earlier.
+description: Information about what's new in App-V for Windows 10, version 1703 and earlier.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# What's new in App-V for Windows 10, version 1703 and earlier
diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
index d49eb1249f..58897cdf6e 100644
--- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
@@ -2,12 +2,13 @@
title: How to Add or Remove an Administrator by Using the Management Console (Windows 10/11)
description: Add or remove an administrator on the Microsoft Application Virtualization (App-V) server by using the Management Console.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to add or remove an administrator by using the Management Console
diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
index e0eb8f53de..fa08c35781 100644
--- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
@@ -2,12 +2,13 @@
title: How to Add or Upgrade Packages by Using the Management Console (Windows 10/11)
description: Add or upgrade packages on the Microsoft Application Virtualization (App-V) server by using the Management Console.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to add or upgrade packages by using the Management Console
diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
index 03ad7e6238..03cecb9d0e 100644
--- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md
+++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
@@ -2,12 +2,13 @@
title: Administering App-V by using Windows PowerShell (Windows 10/11)
description: Administer App-V by using Windows PowerShell and learn where to find more information about PowerShell for App-V.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Administering App-V by using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
index bf7e7c0092..e211ca7e51 100644
--- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
@@ -2,12 +2,13 @@
title: Administering App-V Virtual Applications by using the Management Console (Windows 10/11)
description: Administering App-V Virtual Applications by using the Management Console
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Administering App-V Virtual Applications by using the Management Console
diff --git a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
index 64361de362..26f95c80b5 100644
--- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
+++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
@@ -2,12 +2,13 @@
title: Only Allow Admins to Enable Connection Groups (Windows 10/11)
description: Configure the App-V client so that only administrators, not users, can enable or disable connection groups.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to allow only administrators to enable connection groups
diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
index 34b447c216..de91ab07af 100644
--- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
+++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
@@ -2,12 +2,13 @@
title: Application Publishing and Client Interaction (Windows 10/11)
description: Learn technical information about common App-V Client operations and their integration with the local operating system.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/08/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Application publishing and client interaction
diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
index c8740e0295..567e7032c1 100644
--- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
+++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
@@ -2,12 +2,13 @@
title: Apply deployment config file via Windows PowerShell (Windows 10/11)
description: How to apply the deployment configuration file by using Windows PowerShell for Windows 10/11.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/15/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to apply the deployment configuration file by using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
index be239ea61e..cdf4c28c91 100644
--- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
+++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
@@ -2,12 +2,13 @@
title: How to apply the user configuration file by using Windows PowerShell (Windows 10/11)
description: How to apply the user configuration file by using Windows PowerShell (Windows 10/11).
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/15/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to apply the user configuration file by using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-auto-batch-sequencing.md b/windows/application-management/app-v/appv-auto-batch-sequencing.md
index dc1ca15097..4939b6ebf8 100644
--- a/windows/application-management/app-v/appv-auto-batch-sequencing.md
+++ b/windows/application-management/app-v/appv-auto-batch-sequencing.md
@@ -2,12 +2,13 @@
title: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10/11)
description: How to automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer).
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md
index 7c980f474e..e7258a8130 100644
--- a/windows/application-management/app-v/appv-auto-batch-updating.md
+++ b/windows/application-management/app-v/appv-auto-batch-updating.md
@@ -2,12 +2,13 @@
title: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10/11)
description: How to automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer).
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
index cb417de5f7..3355376c09 100644
--- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
+++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
@@ -2,12 +2,13 @@
title: Auto-remove unpublished packages on App-V client (Windows 10/11)
description: How to automatically clean up any unpublished packages on your App-V client devices.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/15/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Automatically clean up unpublished packages on the App-V client
diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md
index ce0946e52d..7ceed272a7 100644
--- a/windows/application-management/app-v/appv-auto-provision-a-vm.md
+++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md
@@ -2,12 +2,13 @@
title: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10/11)
description: How to automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) PowerShell cmdlet or the user interface.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)
diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md
index 1cb2437d69..771a738982 100644
--- a/windows/application-management/app-v/appv-available-mdm-settings.md
+++ b/windows/application-management/app-v/appv-available-mdm-settings.md
@@ -2,12 +2,13 @@
title: Available Mobile Device Management (MDM) settings for App-V (Windows 10/11)
description: Learn the available Mobile Device Management (MDM) settings you can use to configure App-V on Windows 10.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/15/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Available Mobile Device Management (MDM) settings for App-V
diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md
index 1b99178358..a6a532e8a3 100644
--- a/windows/application-management/app-v/appv-capacity-planning.md
+++ b/windows/application-management/app-v/appv-capacity-planning.md
@@ -2,12 +2,13 @@
title: App-V Capacity Planning (Windows 10/11)
description: Use these recommendations as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V infrastructure.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# App-V Capacity Planning
diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md
index df718dd34c..326585e719 100644
--- a/windows/application-management/app-v/appv-client-configuration-settings.md
+++ b/windows/application-management/app-v/appv-client-configuration-settings.md
@@ -2,12 +2,13 @@
title: About Client Configuration Settings (Windows 10/11)
description: Learn about the App-V client configuration settings and how to use Windows PowerShell to modify the client configuration settings.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# About Client Configuration Settings
diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
index e6df891618..41d37e769a 100644
--- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
@@ -2,12 +2,13 @@
title: How to configure access to packages by using the Management Console (Windows 10/11)
description: How to configure access to packages by using the App-V Management Console.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to configure access to packages by using the Management Console
diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
index fea49f61d9..8a69ae36a5 100644
--- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
+++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
@@ -2,12 +2,13 @@
title: How to make a connection group ignore the package version (Windows 10/11)
description: Learn how to make a connection group ignore the package version with the App-V Server Management Console.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to make a connection group ignore the package version
diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
index 049605ef02..6c2f01bc3f 100644
--- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
+++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
@@ -2,12 +2,13 @@
title: How to configure the client to receive package and connection groups updates from the publishing server (Windows 10/11)
description: How to configure the client to receive package and connection groups updates from the publishing server.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/25/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to configure the client to receive package and connection groups updates from the publishing server
diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md
index 253636d464..07b3d731e9 100644
--- a/windows/application-management/app-v/appv-connect-to-the-management-console.md
+++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md
@@ -2,12 +2,13 @@
title: How to connect to the Management Console (Windows 10/11)
description: In this article, learn the procedure for connecting to the App-V Management Console through your web browser.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/25/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to connect to the Management Console
diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md
index 8ceb9b6c5f..e39efd3b64 100644
--- a/windows/application-management/app-v/appv-connection-group-file.md
+++ b/windows/application-management/app-v/appv-connection-group-file.md
@@ -2,12 +2,13 @@
title: About the connection group file (Windows 10/11)
description: A summary of what the connection group file is and how to configure it.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/25/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# About the connection group file
diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
index db04478772..f1f55c9cd9 100644
--- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md
+++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
@@ -2,12 +2,13 @@
title: About the connection group virtual environment (Windows 10/11)
description: Learn how the connection group virtual environment works and how package priority is determined.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 06/25/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# About the connection group virtual environment
diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
index 1684f4c3f3..860483ff03 100644
--- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
+++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
@@ -2,12 +2,13 @@
title: How to convert a package created in a previous version of App-V (Windows 10/11)
description: Use the package converter utility to convert a virtual application package created in a previous version of App-V.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to convert a package created in a previous version of App-V
diff --git a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
index ee158c7267..96b3e97312 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
@@ -2,12 +2,13 @@
title: How to create a connection croup with user-published and globally published packages (Windows 10/11)
description: How to create a connection croup with user-published and globally published packages.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to create a connection croup with user-published and globally published packages
diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md
index 260369d8c3..497e3ea71b 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group.md
@@ -2,12 +2,13 @@
title: How to create a connection group (Windows 10/11)
description: Learn how to create a connection group with the App-V Management Console and where to find information about managing connection groups.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to create a connection group
diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
index 0190e974ef..4c8acf525d 100644
--- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
@@ -2,12 +2,13 @@
title: How to create a custom configuration file by using the App-V Management Console (Windows 10/11)
description: How to create a custom configuration file by using the App-V Management Console.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to create a custom configuration file by using the App-V Management Console
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
index 28482df125..ddd0de127f 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
@@ -2,12 +2,13 @@
title: How to create a package accelerator by using Windows PowerShell (Windows 10/11)
description: Learn how to create an App-v Package Accelerator by using Windows PowerShell. App-V Package Accelerators automatically sequence large, complex applications.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to create a package accelerator by using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md
index 3f2be47130..c753f09372 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md
@@ -2,12 +2,13 @@
title: How to create a package accelerator (Windows 10/11)
description: Learn how to create App-V Package Accelerators to automatically generate new virtual application packages.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to create a package accelerator
diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
index babfd64cfe..49e3724b94 100644
--- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
@@ -2,12 +2,13 @@
title: How to create a virtual application package using an App-V Package Accelerator (Windows 10/11)
description: How to create a virtual application package using an App-V Package Accelerator.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to create a virtual application package using an App-V Package Accelerator
diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
index 32aca7fa5e..70650f1456 100644
--- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md
+++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
@@ -2,12 +2,13 @@
title: Create and apply an App-V project template to a sequenced App-V package (Windows 10/11)
description: Steps for how to create and apply an App-V project template (.appvt) to a sequenced App-V package.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Create and apply an App-V project template to a sequenced App-V package
diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
index 5dd5070e14..adb044d34a 100644
--- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
+++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
@@ -2,12 +2,13 @@
title: Creating and managing App-V virtualized applications (Windows 10/11)
description: Create and manage App-V virtualized applications to monitor and record the installation process for an application to be run as a virtualized application.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Creating and managing App-V virtualized applications
diff --git a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
index 4b06455581..0326ed9cec 100644
--- a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
@@ -2,12 +2,13 @@
title: How to customize virtual application extensions for a specific AD group by using the Management Console (Windows 10/11)
description: How to customize virtual application extensions for a specific AD group by using the Management Console.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 07/10/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to customize virtual applications extensions for a specific AD group by using the Management Console
diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md
index 13a1040daf..32cb6660b7 100644
--- a/windows/application-management/app-v/appv-delete-a-connection-group.md
+++ b/windows/application-management/app-v/appv-delete-a-connection-group.md
@@ -2,12 +2,13 @@
title: How to delete a connection group (Windows 10/11)
description: Learn how to delete an existing App-V connection group in the App-V Management Console and where to find information about managing connection groups.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to delete a connection group
diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
index e4df263550..21b928cfbb 100644
--- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
@@ -2,12 +2,13 @@
title: How to delete a package in the Management Console (Windows 10/11)
description: Learn how to delete a package in the App-V Management Console and where to find information about operations for App-V.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to delete a package in the Management Console
diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
index 9c2e2e8c68..2f34d49a3a 100644
--- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
+++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
@@ -2,12 +2,13 @@
title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10/11)
description: Learn how to use SQL scripts to install the App-V databases and upgrade the App-V databases to a later version.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to deploy the App-V databases by using SQL scripts
diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
index 1c04491cc8..4005389caf 100644
--- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
@@ -2,12 +2,13 @@
title: How to deploy App-V packages using electronic software distribution (Windows 10/11)
description: Learn how to use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to deploy App-V packages using electronic software distribution
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
index 0025905016..f643e3540b 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
@@ -2,12 +2,13 @@
title: How to Deploy the App-V Server Using a Script (Windows 10/11)
description: 'Learn how to deploy the App-V server by using a script (appv_server_setup.exe) from the command line.'
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to deploy the App-V server using a script
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md
index b054a15012..417e6a9dbd 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md
@@ -2,12 +2,13 @@
title: How to Deploy the App-V Server (Windows 10/11)
description: Use these instructions to deploy the Application Virtualization (App-V) Server in App-V for Windows 10/11.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# How to Deploy the App-V Server (new installation)
diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md
index 8dbb0be4d1..9b93a5cd57 100644
--- a/windows/application-management/app-v/appv-deploying-appv.md
+++ b/windows/application-management/app-v/appv-deploying-appv.md
@@ -2,12 +2,13 @@
title: Deploying App-V (Windows 10/11)
description: App-V supports several different deployment options. Learn how to complete App-V deployment at different stages in your App-V deployment.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Deploying App-V for Windows client
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
index afe22af405..e2024178c1 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
@@ -2,12 +2,13 @@
title: Deploying Microsoft Office 2010 by Using App-V
description: Create Office 2010 packages for Microsoft Application Virtualization (App-V) using the App-V Sequencer or the App-V Package Accelerator.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Deploying Microsoft Office 2010 by Using App-V
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
index 3dff5e4e6f..73f9db7e31 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
@@ -2,12 +2,13 @@
title: Deploying Microsoft Office 2013 by Using App-V (Windows 10/11)
description: Use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Deploying Microsoft Office 2013 by Using App-V
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
index 657f495e80..745d79c291 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
@@ -2,12 +2,13 @@
title: Deploying Microsoft Office 2016 by using App-V (Windows 10/11)
description: Use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Deploying Microsoft Office 2016 by using App-V
diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
index 3611a2181c..19ddffc329 100644
--- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
@@ -2,12 +2,13 @@
title: Deploying App-V packages by using electronic software distribution (ESD)
description: Deploying App-V packages by using electronic software distribution (ESD)
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 09/27/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Deploying App-V packages by using electronic software distribution (ESD)
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
index f9634bb42c..23364f226c 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
@@ -2,12 +2,13 @@
title: Deploying the App-V Sequencer and configuring the client (Windows 10/11)
description: Learn how to deploy the App-V Sequencer and configure the client by using the ADMX template and Group Policy.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Deploying the App-V Sequencer and configuring the client
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md
index e425121b5a..a65e0f099d 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md
@@ -2,12 +2,13 @@
title: Deploying the App-V Server (Windows 10/11)
description: Learn how to deploy the Application Virtualization (App-V) Server in App-V for Windows 10/11 by using different deployment configurations described in this article.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# Deploying the App-V server
diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md
index 6daec0a802..a7c3a33ae3 100644
--- a/windows/application-management/app-v/appv-deployment-checklist.md
+++ b/windows/application-management/app-v/appv-deployment-checklist.md
@@ -2,12 +2,13 @@
title: App-V Deployment Checklist (Windows 10/11)
description: Use the App-V deployment checklist to understand the recommended steps and items to consider when deploying App-V features.
author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
ms.date: 04/18/2018
ms.reviewer:
manager: dougeby
ms.author: aaroncz
ms.topic: article
+ms.technology: itpro-apps
---
# App-V Deployment Checklist
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
index 0c38b376be..5e13809150 100644
--- a/windows/application-management/apps-in-windows-10.md
+++ b/windows/application-management/apps-in-windows-10.md
@@ -1,14 +1,14 @@
---
title: Learn about the different app types in Windows 10/11 | Microsoft Docs
description: Learn more and understand the different types of apps that run on Windows 10 and Windows 11. For example, learn more about UWP, WPF, Win32, and Windows Forms apps, including the best way to install these apps.
-ms.prod: w10
+ms.prod: windows-client
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
ms.reviewer:
ms.localizationpriority: medium
ms.topic: article
-ms.collection: highpri
+ms.technology: itpro-apps
---
# Overview of apps on Windows client devices
diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json
index 88a99ecd24..0c2d4413bb 100644
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@@ -21,6 +21,7 @@
"files": [
"**/*.png",
"**/*.jpg",
+ "**/*.svg",
"**/*.gif"
],
"exclude": [
@@ -36,10 +37,10 @@
"breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
"uhfHeaderId": "MSDocsHeader-M365-IT",
"ms.technology": "windows",
- "audience": "ITPro",
"ms.topic": "article",
- "ms.author": "elizapo",
- "feedback_system": "None",
+ "feedback_system": "GitHub",
+ "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+ "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-app-management",
@@ -58,7 +59,11 @@
],
"searchScope": ["Windows 10"]
},
- "fileMetadata": {},
+ "fileMetadata": {
+ "feedback_system": {
+ "app-v/**/*.*": "None"
+ }
+ },
"template": [],
"dest": "win-app-management",
"markdownEngineName": "markdig"
diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md
deleted file mode 100644
index e0270672bb..0000000000
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ /dev/null
@@ -1,104 +0,0 @@
----
-title: Enable or block Windows Mixed Reality apps in the enterprise (Windows 10/11)
-description: Learn how to enable Windows Mixed Reality apps in WSUS or block the Windows Mixed Reality portal in enterprises.
-ms.reviewer:
-author: nicholasswhite
-ms.author: nwhite
-manager: aaroncz
-ms.prod: w10
-ms.localizationpriority: medium
-ms.topic: article
----
-
-# Enable or block Windows Mixed Reality apps in enterprises
-
-[!INCLUDE [Applies to Windows client versions](./includes/applies-to-windows-client-versions.md)]
-
-
-[Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/) was introduced in Windows 10, version 1709 (also known as the Fall Creators Update), as a [Windows Feature on Demand (FOD)](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). Features on Demand are Windows feature packages that can be added at any time. When a Windows client needs a new feature, it can request the feature package from Windows Update.
-
-Organizations that use Windows Server Update Services (WSUS) must take action to [enable Windows Mixed Reality](#enable-windows-mixed-reality-in-wsus). Any organization that wants to prohibit use of Windows Mixed Reality can [block the installation of the Mixed Reality Portal](#block-the-mixed-reality-portal).
-
-## Enable Windows Mixed Reality in WSUS
-
-1. [Check your version of Windows.](https://support.microsoft.com/help/13443/windows-which-operating-system)
-
- >[!NOTE]
- >You must be on at least Windows 10, version 1709, to run Windows Mixed Reality.
-
-2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD.
-
- 1. Download the FOD .cab file:
-
- - [Windows 11, version 21H2](https://software-download.microsoft.com/download/sg/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd_64~~.cab)
- - [Windows 10, version 2004](https://software-static.download.prss.microsoft.com/pr/download/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
- - [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab)
- - [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab)
- - [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
- - [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab)
-
- > [!NOTE]
- > You must download the FOD .cab file that matches your operating system version.
-
- 1. Use `Dism` to add Windows Mixed Reality FOD to the image.
-
- ```powershell
- Dism /Online /Add-Package /PackagePath:(path)
- ```
-
- > [!NOTE]
- > On Windows 10 and 11, you must rename the FOD .CAB file to: **Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab**
-
- 1. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**.
-
-
-IT admins can also create [Side by side feature store (shared folder)](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127275(v=ws.11)) to allow access to the Windows Mixed Reality FOD.
-
-## Block the Mixed Reality Portal
-
-You can use the [AppLocker configuration service provider (CSP)](/windows/client-management/mdm/applocker-csp) to block the Mixed Reality software.
-
-In the following example, the **Id** can be any generated GUID and the **Name** can be any name you choose. `BinaryName="*"` allows you to block any app executable in the Mixed Reality Portal package. **Binary/VersionRange**, as shown in the example, will block all versions of the Mixed Reality Portal app.
-
-```xml
-
-
-
- $CmdID$
-
-
- ./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions
-
-
- chr
- text/plain
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- >
-
-
-
-
-
-
-```
-
-
-## Related articles
-
-- [Mixed reality](https://developer.microsoft.com/windows/mixed-reality/mixed_reality)
diff --git a/windows/application-management/provisioned-apps-windows-client-os.md b/windows/application-management/provisioned-apps-windows-client-os.md
index b61fb4f87e..1c99168f4a 100644
--- a/windows/application-management/provisioned-apps-windows-client-os.md
+++ b/windows/application-management/provisioned-apps-windows-client-os.md
@@ -44,9 +44,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ✔️ | ✔️ | | | | | |
+ | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809|
+ | --- | --- | --- | --- | --- | --- | --- |--- |
+ | ✔️ | ✔️ | ✔️ | | | | | |
---
@@ -54,9 +54,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ | --- | --- | --- | --- | --- | --- | --- |--- |
+ | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -64,9 +64,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | Use Settings App | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ | --- | --- | --- | --- | --- | --- | --- |--- |
+ | Use Settings App | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -74,9 +74,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -84,9 +84,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ | --- | --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -94,19 +94,31 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ | --- | --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
+
+- [HEVC Video Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEVCVideoExtension_8wekyb3d8bbwe) | Package name: Microsoft.HEVCVideoExtension
+> [!NOTE]
+> For devices running Windows 11, version 21H2, and any supported version of Windows 10, you need to acquire the [HEVC Video Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEVCVideoExtension_8wekyb3d8bbwe) from the Microsoft Store.
+ - Supported versions:
+
+ ---
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ | --- | --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️|||||||
+
+ ---
- [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | Package name:Microsoft.Messaging
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ | --- | --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
---
@@ -114,9 +126,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -124,9 +136,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ✔️ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ | --- | --- | --- | --- | --- | --- | --- |--- |
+ | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -134,9 +146,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ✔️ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ | --- | --- | --- | --- | --- | --- | --- |--- |
+ | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -144,9 +156,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -154,9 +166,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -164,9 +176,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -174,9 +186,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ✔️ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ | --- | --- | --- | --- | --- | --- | --- |--- |
+ | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -184,9 +196,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
---
@@ -194,9 +206,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | | ✔️ | ✔️| | ✔️| | |
+ | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ | --- | --- | --- | --- | --- | --- | --- |--- |
+ |️ | ✔️ | ✔️ | ✔️|️ | ✔️|️️|
---
@@ -204,9 +216,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -214,9 +226,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
---
@@ -224,9 +236,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -234,9 +246,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -244,9 +256,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -254,9 +266,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -264,9 +276,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -274,9 +286,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -284,9 +296,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -294,9 +306,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -304,9 +316,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -314,9 +326,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -324,9 +336,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -334,9 +346,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -344,9 +356,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -354,9 +366,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -364,9 +376,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -374,9 +386,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -386,9 +398,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -396,9 +408,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -406,9 +418,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -416,9 +428,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -426,9 +438,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -436,9 +448,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -446,9 +458,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -456,9 +468,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
@@ -466,8 +478,8 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**.
- Supported versions:
---
- | Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
- | --- | --- | --- | --- | --- | --- |--- |
- | ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
+ | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
+ |---| --- | --- | --- | --- | --- | --- |--- |
+ | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/add-an-azure-ad-tenant-and-azure-ad-subscription.md
similarity index 98%
rename from windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
rename to windows/client-management/add-an-azure-ad-tenant-and-azure-ad-subscription.md
index f5f05c6ddb..160a97cca0 100644
--- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
+++ b/windows/client-management/add-an-azure-ad-tenant-and-azure-ad-subscription.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md
index 5260e5f1db..1f0b6e4447 100644
--- a/windows/client-management/administrative-tools-in-windows-10.md
+++ b/windows/client-management/administrative-tools-in-windows-10.md
@@ -1,7 +1,7 @@
---
title: Windows Tools/Administrative Tools
description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users.
-ms.prod: w10
+ms.prod: windows-client
author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
@@ -24,11 +24,11 @@ ms.collection: highpri
The following graphic shows the **Windows Tools** folder in Windows 11:
-:::image type="content" source="media/win11-control-panel-windows-tools.png" alt-text="Screenshot of the Control Panel in Windows 11, highlighting the Administrative Tools folder." lightbox="media/win11-control-panel-windows-tools.png":::
+:::image type="content" source="images/win11-control-panel-windows-tools.png" alt-text="Screenshot of the Control Panel in Windows 11, highlighting the Administrative Tools folder." lightbox="images/win11-control-panel-windows-tools.png":::
The tools in the folder might vary depending on which edition of Windows you use.
-:::image type="content" source="media/win11-windows-tools.png" alt-text="Screenshot of the contents of the Windows Tools folder in Windows 11." lightbox="media/win11-windows-tools.png":::
+:::image type="content" source="images/win11-windows-tools.png" alt-text="Screenshot of the contents of the Windows Tools folder in Windows 11." lightbox="images/win11-windows-tools.png":::
## Administrative Tools folder (Windows 10)
diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md
deleted file mode 100644
index eba023fe12..0000000000
--- a/windows/client-management/advanced-troubleshooting-802-authentication.md
+++ /dev/null
@@ -1,117 +0,0 @@
----
-title: Advanced Troubleshooting 802.1X Authentication
-ms.reviewer:
-description: Troubleshoot authentication flow by learning how 802.1X Authentication works for wired and wireless clients.
-ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
-ms.localizationpriority: medium
-ms.topic: troubleshooting
-ms.collection: highpri
----
-
-# Advanced troubleshooting 802.1X authentication
-
-## Overview
-
-This article includes general troubleshooting for 802.1X wireless and wired clients. While troubleshooting 802.1X and wireless, it's important to know how the flow of authentication works, and then figure out where it's breaking. It involves many third-party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. We don't make access points or switches, so it's not an end-to-end Microsoft solution.
-
-## Scenarios
-
-This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication are attempted and then fail to establish. The workflow covers Windows 7 through Windows 10 (and Windows 11) for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS.
-
-## Known issues
-
-None
-
-## Data collection
-
-See [Advanced troubleshooting 802.1X authentication data collection](data-collection-for-802-authentication.md).
-
-## Troubleshooting
-
-Viewing [NPS authentication status events](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735320(v%3dws.10)) in the Windows Security [event log](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc722404(v%3dws.11)) is one of the most useful troubleshooting methods to obtain information about failed authentications.
-
-NPS event log entries contain information about the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. If you don't see both success and failure events, see the [NPS audit policy](#audit-policy) section later in this article.
-
-Check the Windows Security event log on the NPS Server for NPS events that correspond to the rejected ([event ID 6273](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735399(v%3dws.10))) or the accepted ([event ID 6272](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735388(v%3dws.10))) connection attempts.
-
-In the event message, scroll to the bottom, and then check the [Reason Code](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v%3dws.10)) field and the text that's associated with it.
-
- 
- *Example: event ID 6273 (Audit Failure)*
-
- 
- *Example: event ID 6272 (Audit Success)*
-
-The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, if connectivity problems occur, the reason for the failure. For wired network access, the Wired AutoConfig operational log is an equivalent one.
-
-On the client side, go to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, go to **..\Wired-AutoConfig/Operational**. See the following example:
-
-
-
-Most 802.1X authentication issues are because of problems with the certificate that's used for client or server authentication. Examples include invalid certificate, expiration, chain verification failure, and revocation check failure.
-
-First, validate the type of EAP method that's used:
-
-
-
-If a certificate is used for its authentication method, check whether the certificate is valid. For the server (NPS) side, you can confirm what certificate is being used from the EAP property menu. In **NPS snap-in**, go to **Policies** > **Network Policies**. Select and hold (or right-click) the policy, and then select **Properties**. In the pop-up window, go to the **Constraints** tab, and then select the **Authentication Methods** section.
-
-
-
-The CAPI2 event log is useful for troubleshooting certificate-related issues.
-By default, this log isn't enabled. To enable this log, expand **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2**, select and hold (or right-click) **Operational**, and then select **Enable Log**.
-
-
-
-For information about how to analyze CAPI2 event logs, see
-[Troubleshooting PKI Problems on Windows Vista](/previous-versions/windows/it-pro/windows-vista/cc749296%28v=ws.10%29).
-
-When troubleshooting complex 802.1X authentication issues, it's important to understand the 802.1X authentication process. Here's an example of wireless connection process with 802.1X authentication:
-
-
-
-If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both the client and the server (NPS) side, you can see a flow like the one below. Type **EAPOL** in the Display Filter for a client-side capture, and **EAP** for an NPS-side capture. See the following examples:
-
-
-*Client-side packet capture data*
-
-
-*NPS-side packet capture data*
-
-
-> [!NOTE]
-> If you have a wireless trace, you can also [view ETL files with network monitor](/windows/desktop/ndf/using-network-monitor-to-view-etl-files) and apply the **ONEX_MicrosoftWindowsOneX** and **WLAN_MicrosoftWindowsWLANAutoConfig** Network Monitor filters. If you need to load the required [parser](/archive/blogs/netmon/parser-profiles-in-network-monitor-3-4), see the instructions under the **Help** menu in Network Monitor. Here's an example:
-
-
-
-## Audit policy
-
-By default, NPS audit policy (event logging) for connection success and failure is enabled. If you find that one or both types of logging are disabled, use the following steps to troubleshoot.
-
-View the current audit policy settings by running the following command on the NPS server:
-```console
-auditpol /get /subcategory:"Network Policy Server"
-```
-
-If both success and failure events are enabled, the output should be:
-
-System audit policy
-Category/Subcategory Setting
-Logon/Logoff
- Network Policy Server Success and Failure
-
-
-If it says, "No auditing," you can run this command to enable it:
-```console
-auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
-```
-
-Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing by using Group Policy. To get to the success/failure setting, select **Computer Configuration** > **Policies** > **Windows Settings** > **Security Settings** > **Advanced Audit Policy Configuration** > **Audit Policies** > **Logon/Logoff** > **Audit Network Policy Server**.
-
-## More references
-
-[Troubleshooting Windows Vista 802.11 Wireless Connections](/previous-versions/windows/it-pro/windows-vista/cc766215(v=ws.10))
-[Troubleshooting Windows Vista Secure 802.3 Wired Connections](/previous-versions/windows/it-pro/windows-vista/cc749352(v=ws.10))
diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md
deleted file mode 100644
index 817cffb7c0..0000000000
--- a/windows/client-management/advanced-troubleshooting-boot-problems.md
+++ /dev/null
@@ -1,356 +0,0 @@
----
-title: Advanced troubleshooting for Windows boot problems
-description: Learn to troubleshoot when Windows can't boot. This article includes advanced troubleshooting techniques intended for use by support agents and IT professionals.
-ms.prod: w10
-ms.technology: windows
-ms.localizationpriority: medium
-ms.date: 06/02/2022
-author: aczechowski
-ms.author: aaroncz
-ms.reviewer:
-manager: dougeby
-ms.topic: troubleshooting
-ms.collection: highpri
----
-
-# Advanced troubleshooting for Windows boot problems
-
-
Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues.
-
-> [!NOTE]
-> This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/windows/recovery-options-in-windows-31ce2444-7de3-818c-d626-e3b5a3024da5).
-
-## Summary
-
-There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck:
-
-| Phase | Boot Process | BIOS | UEFI |
-|-----------|----------------------|------------------------------------|-----------------------------------|
-| 1 | PreBoot | MBR/PBR (Bootstrap Code) | UEFI Firmware |
-| 2 | Windows Boot Manager | %SystemDrive%\bootmgr | \EFI\Microsoft\Boot\bootmgfw.efi |
-| 3 | Windows OS Loader | %SystemRoot%\system32\winload.exe | %SystemRoot%\system32\winload.efi |
-| 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe | |
-
-1. **PreBoot**: The PC's firmware initiates a power-on self test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager.
-
-2. **Windows Boot Manager**: Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition.
-
-3. **Windows operating system loader**: Essential drivers required to start the Windows kernel are loaded and the kernel starts to run.
-
-4. **Windows NT OS Kernel**: The kernel loads into memory the system registry hive and other drivers that are marked as BOOT_START.
-
- The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START.
-
-
-
-Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before you start troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement. Select the thumbnail to view it larger.
-
-:::image type="content" source="images/boot-sequence-thumb.png" alt-text="Diagram of the boot sequence flowchart." lightbox="images/boot-sequence.png":::
-
-Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases.
-
-> [!NOTE]
-> If the computer repeatedly boots to the recovery options, run the following command at a command prompt to break the cycle:
->
-> `Bcdedit /set {default} recoveryenabled no`
->
-> If the F8 options don't work, run the following command:
->
-> `Bcdedit /set {default} bootmenupolicy legacy`
-
-## BIOS phase
-
-To determine whether the system has passed the BIOS phase, follow these steps:
-
-1. If there are any external peripherals connected to the computer, disconnect them.
-
-2. Check whether the hard disk drive light on the physical computer is working. If it's not working, this dysfunction indicates that the startup process is stuck at the BIOS phase.
-
-3. Press the NumLock key to see whether the indicator light toggles on and off. If it doesn't toggle, this dysfunction indicates that the startup process is stuck at BIOS.
-
- If the system is stuck at the BIOS phase, there may be a hardware problem.
-
-## Boot loader phase
-
-If the screen is black except for a blinking cursor, or if you receive one of the following error codes, this status indicates that the boot process is stuck in the Boot Loader phase:
-
-- Boot Configuration Data (BCD) missing or corrupted
-- Boot file or MBR corrupted
-- Operating system Missing
-- Boot sector missing or corrupted
-- Bootmgr missing or corrupted
-- Unable to boot due to system hive missing or corrupted
-
-To troubleshoot this problem, use Windows installation media to start the computer, press **Shift** + **F10** for a command prompt, and then use any of the following methods.
-
-### Method 1: Startup Repair tool
-
-The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically.
-
-To do this task of invoking the Startup Repair tool, follow these steps.
-
-> [!NOTE]
-> For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#entry-points-into-winre).
-
-1. Start the system to the installation media for the installed version of Windows. For more information, see [Create installation media for Windows](https://support.microsoft.com/windows/create-installation-media-for-windows-99a58364-8c02-206f-aa6f-40c3b507420d).
-
-2. On the **Install Windows** screen, select **Next** > **Repair your computer**.
-
-3. On the **Choose an option** screen, select **Troubleshoot**.
-
-4. On the **Advanced options** screen, select **Startup Repair**.
-
-5. After Startup Repair, select **Shutdown**, then turn on your PC to see if Windows can boot properly.
-
-The Startup Repair tool generates a log file to help you understand the startup problems and the repairs that were made. You can find the log file in the following location:
-
-`%windir%\System32\LogFiles\Srt\Srttrail.txt`
-
-For more information, see [Troubleshoot blue screen errors](https://support.microsoft.com/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad).
-
-### Method 2: Repair Boot Codes
-
-To repair boot codes, run the following command:
-
-```command
-BOOTREC /FIXMBR
-```
-
-To repair the boot sector, run the following command:
-
-```command
-BOOTREC /FIXBOOT
-```
-
-> [!NOTE]
-> Running `BOOTREC` together with `Fixmbr` overwrites only the master boot code. If the corruption in the MBR affects the partition table, running `Fixmbr` may not fix the problem.
-
-### Method 3: Fix BCD errors
-
-If you receive BCD-related errors, follow these steps:
-
-1. Scan for all the systems that are installed. To do this step, run the following command:
-
- ```command
- Bootrec /ScanOS
- ```
-
-2. Restart the computer to check whether the problem is fixed.
-
-3. If the problem isn't fixed, run the following commands:
-
- ```command
- bcdedit /export c:\bcdbackup
-
- attrib c:\boot\bcd -r -s -h
-
- ren c:\boot\bcd bcd.old
-
- bootrec /rebuildbcd
- ```
-
-4. Restart the system.
-
-### Method 4: Replace Bootmgr
-
-If methods 1, 2 and 3 don't fix the problem, replace the Bootmgr file from drive C to the System Reserved partition. To do this replacement, follow these steps:
-
-1. At a command prompt, change the directory to the System Reserved partition.
-
-2. Run the `attrib` command to unhide the file:
-
- ```command
- attrib -r -s -h
- ```
-
-3. Navigate to the system drive and run the same command:
-
- ```command
- attrib -r -s -h
- ```
-
-4. Rename the `bootmgr` file as `bootmgr.old`:
-
- ```command
- ren c:\bootmgr bootmgr.old
- ```
-
-5. Navigate to the system drive.
-
-6. Copy the `bootmgr` file, and then paste it to the System Reserved partition.
-
-7. Restart the computer.
-
-### Method 5: Restore system hive
-
-If Windows can't load the system registry hive into memory, you must restore the system hive. To do this step, use the Windows Recovery Environment or use the Emergency Repair Disk (ERD) to copy the files from the `C:\Windows\System32\config\RegBack` directory to `C:\Windows\System32\config`.
-
-If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
-
-> [!NOTE]
-> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).
-
-## Kernel Phase
-
-If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These error messages include, but aren't limited to, the following examples:
-
-- A Stop error appears after the splash screen (Windows Logo screen).
-
-- Specific error code is displayed. For example, `0x00000C2` , `0x0000007B` , or `inaccessible boot device`.
- - [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
- - [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md)
-
-- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
-
-- A black screen appears after the splash screen.
-
-To troubleshoot these problems, try the following recovery boot options one at a time.
-
-### Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration
-
-On the **Advanced Boot Options** screen, try to start the computer in **Safe Mode** or **Safe Mode with Networking**. If either of these options works, use Event Viewer to help identify and diagnose the cause of the boot problem. To view events that are recorded in the event logs, follow these steps:
-
-1. Use one of the following methods to open Event Viewer:
-
- - Go to the **Start** menu, select **Administrative Tools**, and then select **Event Viewer**.
-
- - Start the Event Viewer snap-in in Microsoft Management Console (MMC).
-
-2. In the console tree, expand Event Viewer, and then select the log that you want to view. For example, choose **System log** or **Application log**.
-
-3. In the details pane, open the event that you want to view.
-
-4. On the **Edit** menu, select **Copy**. Open a new document in the program in which you want to paste the event. For example, Microsoft Word. Then select **Paste**.
-
-5. Use the up arrow or down arrow key to view the description of the previous or next event.
-
-### Clean boot
-
-To troubleshoot problems that affect services, do a clean boot by using System Configuration (`msconfig`).
-Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you can't find the cause, try including system services. However, in most cases, the problematic service is third-party.
-
-Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**.
-
-For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd).
-
-If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement:
-[Troubleshooting boot problem caused by missing driver signature (x64)](/archive/blogs/askcore/troubleshooting-boot-issues-due-to-missing-driver-signature-x64)
-
-> [!NOTE]
-> If the computer is a domain controller, try Directory Services Restore mode (DSRM).
->
-> This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2"
-
-#### Examples
-
-> [!WARNING]
-> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft can't guarantee that these problems can be solved. Modify the registry at your own risk.
-
-*Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)*
-
-To troubleshoot this Stop error, follow these steps to filter the drivers:
-
-1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of the same version of Windows or a later version.
-
-2. Open the registry.
-
-3. Load the system hive, and name it **test**.
-
-4. Under the following registry subkey, check for lower filter and upper filter items for non-Microsoft drivers:
-
- `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class`
-
-5. For each third-party driver that you locate, select the upper or lower filter, and then delete the value data.
-
-6. Search through the whole registry for similar items. Process as appropriate, and then unload the registry hive.
-
-7. Restart the server in Normal mode.
-
-For more troubleshooting steps, see [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md).
-
-To fix problems that occur after you install Windows updates, check for pending updates by using these steps:
-
-1. Open a Command Prompt window in WinRE.
-
-2. Run the command:
-
- ```command
- DISM /image:C:\ /get-packages
- ```
-
-3. If there are any pending updates, uninstall them by running the following commands:
-
- ```command
- DISM /image:C:\ /remove-package /packagename: name of the package
-
- DISM /Image:C:\ /Cleanup-Image /RevertPendingActions
- ```
-
- Try to start the computer.
-
-If the computer doesn't start, follow these steps:
-
-1. Open a command prompt window in WinRE, and start a text editor, such as Notepad.
-
-2. Navigate to the system drive, and search for `windows\winsxs\pending.xml`.
-
-3. If the pending.xml file is found, rename the file as `pending.xml.old`.
-
-4. Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as test.
-
-5. Highlight the loaded test hive, and then search for the `pendingxmlidentifier` value.
-
-6. If the `pendingxmlidentifier` value exists, delete it.
-
-7. Unload the test hive.
-
-8. Load the system hive, name it **test**.
-
-9. Navigate to the following subkey:
-
- `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller`
-
-10. Change the **Start** value from `1` to `4`.
-
-11. Unload the hive.
-
-12. Try to start the computer.
-
-If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For more information, see [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md).
-
-For more information about page file problems in Windows 10 or Windows Server 2016, see [Introduction to page files](./introduction-page-file.md).
-
-For more information about Stop errors, see [Advanced troubleshooting for Stop error or blue screen error issue](./troubleshoot-stop-errors.md).
-
-Sometimes the dump file shows an error that's related to a driver. For example, `windows\system32\drivers\stcvsm.sys` is missing or corrupted. In this instance, follow these guidelines:
-
-- Check the functionality that's provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does.
-
-- If the driver isn't important and has no dependencies, load the system hive, and then disable the driver.
-
-- If the stop error indicates system file corruption, run the system file checker in offline mode.
-
- - To do this action, open WinRE, open a command prompt, and then run the following command:
-
- ```command
- SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows
- ```
-
- For more information, see [Using system file checker (SFC) to fix issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues).
-
- - If there's disk corruption, run the check disk command:
-
- ```command
- chkdsk /f /r
- ```
-
-- If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps:
-
- 1. Start WinRE, and open a command prompt window.
- 2. Start a text editor, such as Notepad.
- 3. Navigate to `C:\Windows\System32\Config\`.
- 4. Rename the all five hives by appending `.old` to the name.
- 5. Copy all the hives from the `Regback` folder, paste them in the `Config` folder, and then try to start the computer in Normal mode.
-
-> [!NOTE]
-> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).
diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
deleted file mode 100644
index 35484e641a..0000000000
--- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
+++ /dev/null
@@ -1,324 +0,0 @@
----
-title: Advanced Troubleshooting Wireless Network Connectivity
-ms.reviewer:
-manager: dougeby
-description: Learn how to troubleshoot Wi-Fi connections. Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine.
-ms.prod: w10
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
-ms.topic: troubleshooting
----
-
-# Advanced troubleshooting wireless network connectivity
-
-> [!NOTE]
-> Home users: This article is intended for use by support agents and IT professionals. If you're looking for more general information about Wi-Fi problems in Windows 10, check out this [Windows 10 Wi-Fi fix article](https://support.microsoft.com/en-in/help/4000432/windows-10-fix-wi-fi-problems).
-
-## Overview
-
-This overview describes the general troubleshooting of establishing Wi-Fi connections from Windows clients.
-Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine. Understanding this flow makes it easier to determine the starting point in a repro scenario in which a different behavior is found.
-This workflow involves knowledge and use of [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases), an extensive text filtering tool that is useful with complex traces with numerous ETW providers such as wireless_dbg trace scenario.
-
-## Scenarios
-
-This article applies to any scenario in which Wi-Fi connections fail to establish. The troubleshooter is developed with Windows 10 clients in focus, but also may be useful with traces as far back as Windows 7.
-
-> [!NOTE]
-> This troubleshooter uses examples that demonstrate a general strategy for navigating and interpreting wireless component [Event Tracing for Windows](/windows/desktop/etw/event-tracing-portal) (ETW). It's not meant to be representative of every wireless problem scenario.
-
-Wireless ETW is incredibly verbose and calls out many innocuous errors (rather flagged behaviors that have little or nothing to do with the problem scenario). Searching for or filtering on "err", "error", and "fail" will seldom lead you to the root cause of a problematic Wi-Fi scenario. Instead it will flood the screen with meaningless logs that will obfuscate the context of the actual problem.
-
-It's important to understand the different Wi-Fi components involved, their expected behaviors, and how the problem scenario deviates from those expected behaviors.
-The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible components that are causing the connection problem.
-
-### Known Issues and fixes
-
-| OS version | Fixed in |
-| --- | --- |
-| **Windows 10, version 1803** | [KB4284848](https://support.microsoft.com/help/4284848) |
-| **Windows 10, version 1709** | [KB4284822](https://support.microsoft.com/help/4284822) |
-| **Windows 10, version 1703** | [KB4338827](https://support.microsoft.com/help/4338827) |
-
-Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update-history webpage for your system:
-- [Windows 10 version 1809](https://support.microsoft.com/help/4464619)
-- [Windows 10 version 1803](https://support.microsoft.com/help/4099479)
-- [Windows 10 version 1709](https://support.microsoft.com/en-us/help/4043454)
-- [Windows 10 version 1703](https://support.microsoft.com/help/4018124)
-- [Windows 10 version 1607 and Windows Server 2016](https://support.microsoft.com/help/4000825)
-- [Windows 10 version 1511](https://support.microsoft.com/help/4000824)
-- [Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/4009470)
-- [Windows Server 2012](https://support.microsoft.com/help/4009471)
-- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/4009469)
-
-## Data Collection
-
-1. Network Capture with ETW. Enter the following command at an elevated command prompt:
-
- ```console
- netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
- ```
-2. Reproduce the issue.
- - If there's a failure to establish connection, try to manually connect.
- - If it's intermittent but easily reproducible, try to manually connect until it fails. Record the time of each connection attempt, and whether it was a success or failure.
- - If the issue is intermittent but rare, netsh trace stop command needs to be triggered automatically (or at least alerted to admin quickly) to ensure trace doesn’t overwrite the repro data.
- - If intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop).
-3. Stop the trace by entering the following command:
-
- ```console
- netsh trace stop
- ```
-4. To convert the output file to text format:
-
- ```console
- netsh trace convert c:\tmp\wireless.etl
- ```
-
-See the [example ETW capture](#example-etw-capture) at the bottom of this article for an example of the command output. After running these commands, you'll have three files: wireless.cab, wireless.etl, and wireless.txt.
-
-## Troubleshooting
-
-The following view is a high-level one of the main wifi components in Windows.
-
-|Wi-fi Components|Description|
-|--- |--- |
-||The Windows Connection Manager (Wcmsvc) is closely associated with the UI controls (taskbar icon) to connect to various networks, including wireless networks. It accepts and processes input from the user and feeds it to the core wireless service.|
-||The WLAN Autoconfig Service (WlanSvc) handles the following core functions of wireless networks in windows:
Scanning for wireless networks in range
Managing connectivity of wireless networks|
-||The Media Specific Module (MSM) handles security aspects of connection being established.|
-||The Native WiFi stack consists of drivers and wireless APIs to interact with wireless miniports and the supporting user-mode Wlansvc.|
-||Third-party wireless miniport drivers interface with the upper wireless stack to provide notifications to and receive commands from Windows.|
-
-The wifi connection state machine has the following states:
-- Reset
-- Ihv_Configuring
-- Configuring
-- Associating
-- Authenticating
-- Roaming
-- Wait_For_Disconnected
-- Disconnected
-
-Standard wifi connections tend to transition between states such as:
-
-- Connecting
-
- Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected
-
-- Disconnecting
-
- Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset
-
-Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article.
-
-Use the **FSM transition** trace filter to see the connection state machine. You can see [an example](#textanalysistool-example) of this filter applied in the TAT at the bottom of this page.
-
-An example of a good connection setup is:
-
-```console
-44676 [2]0F24.1020::2018-09-17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
-45473 [1]0F24.1020::2018-09-17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
-45597 [3]0F24.1020::2018-09-17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
-46085 [2]0F24.17E0::2018-09-17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
-47393 [1]0F24.1020::2018-09-17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
-49465 [2]0F24.17E0::2018-09-17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Connected
-```
-
-An example of a failed connection setup is:
-
-```console
-44676 [2]0F24.1020::2018-09-17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
-45473 [1]0F24.1020::2018-09-17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
-45597 [3]0F24.1020::2018-09-17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
-46085 [2]0F24.17E0::2018-09-17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
-47393 [1]0F24.1020::2018-09-17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
-49465 [2]0F24.17E0::2018-09-17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Roaming
-```
-
-By identifying the state at which the connection fails, one can focus more specifically in the trace on logs prior to the last known good state.
-
-Examining **[Microsoft-Windows-WLAN-AutoConfig]** logs prior to the bad state change should show evidence of error. Often, however, the error is propagated up through other wireless components.
-In many cases the next component of interest will be the MSM, which lies just below Wlansvc.
-
-The important components of the MSM include:
-- Security Manager (SecMgr) - handles all pre and post-connection security operations.
-- Authentication Engine (AuthMgr) – Manages 802.1x auth requests
-
- 
-
-Each of these components has its own individual state machines that follow specific transitions.
-Enable the **FSM transition, SecMgr Transition,** and **AuthMgr Transition** filters in TextAnalysisTool for more detail.
-
-Further to the preceding example, the combined filters look like the following command example:
-
-```console
-[2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
-Reset to State: Ihv_Configuring
-[2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
-Ihv_Configuring to State: Configuring
-[1] 0C34.2FE8::08/28/17-13:24:28.711 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
-Configuring to State: Associating
-[0] 0C34.275C::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition INACTIVE (1) --> ACTIVE (2)
-[0] 0C34.275C::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition ACTIVE (2) --> START AUTH (3)
-[4] 0EF8.0708::08/28/17-13:24:28.928 [Microsoft-Windows-WLAN-AutoConfig]Port (14) Peer 0x186472F64FD2 AuthMgr Transition ENABLED --> START_AUTH
-[3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
-Associating to State: Authenticating
-[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
-[4] 0EF8.0708::08/28/17-13:24:28.962 [Microsoft-Windows-WLAN-AutoConfig]Port (14) Peer 0x186472F64FD2 AuthMgr Transition START_AUTH --> AUTHENTICATING
-[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
-[2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
-[2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
-Authenticating to State: Roaming
-```
-
-> [!NOTE]
-> In the next to last line the SecMgr transition is suddenly deactivating:
->\[2\] 0C34.2FF0::08/28/17-13:24:29.7512788 \[Microsoft-Windows-WLAN-AutoConfig\]Port\[13\] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
->This transition is what eventually propagates to the main connection state machine and causes the Authenticating phase to devolve to Roaming state. As before, it makes sense to focus on tracing prior to this SecMgr behavior to determine the reason for the deactivation.
-
-Enabling the **Microsoft-Windows-WLAN-AutoConfig** filter will show more detail leading to the DEACTIVATE transition:
-
-```console
-[3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
-Associating to State: Authenticating
-[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
-[4] 0EF8.0708::08/28/17-13:24:28.962 [Microsoft-Windows-WLAN-AutoConfig]Port (14) Peer 0x186472F64FD2 AuthMgr Transition START_AUTH --> AUTHENTICATING
-[0]0EF8.2EF4::08/28/17-13:24:29.549 [Microsoft-Windows-WLAN-AutoConfig]Received Security Packet: PHY_STATE_CHANGE
-[0]0EF8.2EF4::08/28/17-13:24:29.549 [Microsoft-Windows-WLAN-AutoConfig]Change radio state for interface = Intel(R) Centrino(R) Ultimate-N 6300 AGN : PHY = 3, software state = on , hardware state = off )
-[0] 0EF8.1174::08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]Received Security Packet: PORT_DOWN
-[0] 0EF8.1174::08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]FSM Current state Authenticating , event Upcall_Port_Down
-[0] 0EF8.1174:: 08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]Received IHV PORT DOWN, peer 0x186472F64FD2
-[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
- [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
-[2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
-Authenticating to State: Roaming
-```
-
-The trail backwards reveals a **Port Down** notification:
-
-\[0\] 0EF8.1174:: 08/28/17-13:24:29.705 \[Microsoft-Windows-WLAN-AutoConfig\]Received IHV PORT DOWN, peer 0x186472F64FD2
-
-Port events indicate changes closer to the wireless hardware. The trail can be followed by continuing to see the origin of this indication.
-
-Below, the MSM is the native wifi stack. These drivers are Windows native wifi drivers that talk to the wifi miniport drivers. It's responsible for converting Wi-Fi (802.11) packets to 802.3 (Ethernet) so that TCPIP and other protocols and can use it.
-
-Enable trace filter for **[Microsoft-Windows-NWifi]:**
-
-```console
-[3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
-Associating to State: Authenticating
-[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
-[4] 0EF8.0708::08/28/17-13:24:28.962 [Microsoft-Windows-WLAN-AutoConfig]Port (14) Peer 0x8A1514B62510 AuthMgr Transition START_AUTH --> AUTHENTICATING
-[0]0000.0000::08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4
-[0]0EF8.2EF4::08/28/17-13:24:29.549 [Microsoft-Windows-WLAN-AutoConfig]Received Security Packet: PHY_STATE_CHANGE
-[0]0EF8.2EF4::08/28/17-13:24:29.549 [Microsoft-Windows-WLAN-AutoConfig]Change radio state for interface = Intel(R) Centrino(R) Ultimate-N 6300 AGN : PHY = 3, software state = on , hardware state = off )
-[0] 0EF8.1174::08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]Received Security Packet: PORT_DOWN
-[0] 0EF8.1174::08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]FSM Current state Authenticating , event Upcall_Port_Down
-[0] 0EF8.1174:: 08/28/17-13:24:29.705 [Microsoft-Windows-WLAN-AutoConfig]Received IHV PORT DOWN, peer 0x186472F64FD2
-[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
- [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
-[2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
-Authenticating to State: Roaming
-```
-
-In the trace above, we see the line:
-
-```console
-[0]0000.0000::08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4
-```
-
-This line is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This denail could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This action would be done by examining internal logging/tracing from the AP.
-
-### Resources
-
-[802.11 Wireless Tools and Settings](/previous-versions/windows/it-pro/windows-server-2003/cc755892(v%3dws.10))
-[Understanding 802.1X authentication for wireless networks](/previous-versions/windows/it-pro/windows-server-2003/cc759077%28v%3dws.10%29)
-
-## Example ETW capture
-
-```console
-C:\tmp>netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
-
-Trace configuration:
--------------------------------------------------------------------
-Status: Running
-Trace File: C:\tmp\wireless.etl
-Append: Off
-Circular: On
-Max Size: 4096 MB
-Report: Off
-
-C:\tmp>netsh trace stop
-Correlating traces ... done
-Merging traces ... done
-Generating data collection ... done
-The trace file and additional troubleshooting information have been compiled as "c:\tmp\wireless.cab".
-File location = c:\tmp\wireless.etl
-Tracing session was successfully stopped.
-
-C:\tmp>netsh trace convert c:\tmp\wireless.etl
-
-Input file: c:\tmp\wireless.etl
-Dump file: c:\tmp\wireless.txt
-Dump format: TXT
-Report file: -
-Generating dump ... done
-
-C:\tmp>dir
- Volume in drive C has no label.
- Volume Serial Number is 58A8-7DE5
-
- Directory of C:\tmp
-
-01/09/2019 02:59 PM [DIR] .
-01/09/2019 02:59 PM [DIR] ..
-01/09/2019 02:59 PM 4,855,952 wireless.cab
-01/09/2019 02:56 PM 2,752,512 wireless.etl
-01/09/2019 02:59 PM 2,786,540 wireless.txt
- 3 File(s) 10,395,004 bytes
- 2 Dir(s) 46,648,332,288 bytes free
-```
-
-## Wifi filter file
-
-Copy and paste all the lines below and save them into a text file named "wifi.tat." Load the filter file into the TextAnalysisTool by clicking **File > Load Filters**.
-
-```xml
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-```
-
-## TextAnalysisTool example
-
-In the following example, the **View** settings are configured to **Show Only Filtered Lines**.
-
-
diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/appv-deploy-and-config.md
similarity index 94%
rename from windows/client-management/mdm/appv-deploy-and-config.md
rename to windows/client-management/appv-deploy-and-config.md
index a407704b93..692e73a572 100644
--- a/windows/client-management/mdm/appv-deploy-and-config.md
+++ b/windows/client-management/appv-deploy-and-config.md
@@ -3,8 +3,8 @@ title: Deploy and configure App-V apps using MDM
description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Endpoint Manager or App-V server.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
@@ -21,7 +21,7 @@ manager: aaroncz
### EnterpriseAppVManagement CSP node structure
-[EnterpriseAppVManagement CSP reference](./enterpriseappvmanagement-csp.md)
+[EnterpriseAppVManagement CSP reference](mdm/enterpriseappvmanagement-csp.md)
The following example shows the EnterpriseAppVManagement configuration service provider in tree format.
@@ -72,7 +72,7 @@ EnterpriseAppVManagement
AppVDynamicPolicy - A read/write node that contains the App-V dynamic configuration for an MDM device (applied globally to all users for that device) or a specific MDM user.
This example shows how to allow package scripts to run during package operations (publish, run, and unpublish). Allowing package scripts helps package deployments (add and publish of App-V apps).
Complete list of App-V policies can be found here:
-[Policy CSP](./policy-configuration-service-provider.md)
+[Policy CSP](mdm/policy-configuration-service-provider.md)
#### SyncML with package published for a device (global to all users for that device)
@@ -199,11 +199,11 @@ EnterpriseAppVManagement
-
+
-
+
```
*PackageUrl can be a UNC or HTTP/HTTPS endpoint.
@@ -236,7 +236,7 @@ EnterpriseAppVManagement
[{ProgramFilesX86}]\Skype\Phone\Skype.exe[{Windows}]\Installer\{FC965A47-4839-40CA-B61818F486F042C6}\SkypeIcon.exe.0.ico
- [{ProgramFilesX86}]\Skype\
+ [{ProgramFilesX86}]\Skype\Skype.Desktop.ApplicationLaunch Skype1
@@ -339,8 +339,8 @@ EnterpriseAppVManagement
-
-```
+
+```
#### SyncML for publishing mixed-mode connection group containing global and user-published packages
@@ -403,7 +403,7 @@ EnterpriseAppVManagement
-
+
@@ -419,7 +419,7 @@ EnterpriseAppVManagement
-
+
```
#### Unpublish example SyncML for all global packages
@@ -481,5 +481,5 @@ EnterpriseAppVManagement
./User/Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement?list=StructData
-
+
```
\ No newline at end of file
diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/assign-seats.md
similarity index 96%
rename from windows/client-management/mdm/assign-seats.md
rename to windows/client-management/assign-seats.md
index 7394103149..929b1d62e2 100644
--- a/windows/client-management/mdm/assign-seats.md
+++ b/windows/client-management/assign-seats.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/azure-active-directory-integration-with-mdm.md
similarity index 99%
rename from windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
rename to windows/client-management/azure-active-directory-integration-with-mdm.md
index 467e007dd7..928db9a0cb 100644
--- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/azure-active-directory-integration-with-mdm.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
similarity index 95%
rename from windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
rename to windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
index e54875a1df..4770e2515b 100644
--- a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
+++ b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
@@ -3,8 +3,8 @@ title: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Porta
description: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new portal
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/18/2020
ms.reviewer:
diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/bulk-assign-and-reclaim-seats-from-user.md
similarity index 96%
rename from windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
rename to windows/client-management/bulk-assign-and-reclaim-seats-from-user.md
index a02395dea5..dde32f1d1f 100644
--- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
+++ b/windows/client-management/bulk-assign-and-reclaim-seats-from-user.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md
similarity index 97%
rename from windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
rename to windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md
index c54261ccfa..62d404f9d4 100644
--- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
+++ b/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md
@@ -8,15 +8,15 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
# Bulk enrollment
-Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices. In Windows 10 and 11 desktop devices, you can use the [Provisioning CSP](provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario.
+Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices. In Windows 10 and 11 desktop devices, you can use the [Provisioning CSP](mdm/provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join (Cloud Domain Join) enrollment scenario.
## Typical use cases
@@ -69,9 +69,9 @@ Using the WCD, create a provisioning package using the enrollment information re
- **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank.
- **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank.
- **Secret** - Password
- For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md).
+ For detailed descriptions of these settings, see [Provisioning CSP](mdm/provisioning-csp.md).
Here's the screenshot of the WCD at this point.
-
+
9. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (for example, **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
10. When you're done adding all the settings, on the **File** menu, click **Save**.
@@ -118,7 +118,7 @@ Using the WCD, create a provisioning package using the enrollment information re
- **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank.
- **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank.
- **Secret** - the certificate thumbprint.
- For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md).
+ For detailed descriptions of these settings, see [Provisioning CSP](mdm/provisioning-csp.md).
8. Configure the other settings, such as the Wi-Fi connection so that the device can join a network before joining MDM (for example, **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
9. When you're done adding all the settings, on the **File** menu, click **Save**.
10. Export and build the package (steps 10-13 in the procedure above).
diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/certificate-authentication-device-enrollment.md
similarity index 99%
rename from windows/client-management/mdm/certificate-authentication-device-enrollment.md
rename to windows/client-management/certificate-authentication-device-enrollment.md
index 9ea52d92fc..2f5129ba9b 100644
--- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md
+++ b/windows/client-management/certificate-authentication-device-enrollment.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/certificate-renewal-windows-mdm.md
similarity index 95%
rename from windows/client-management/mdm/certificate-renewal-windows-mdm.md
rename to windows/client-management/certificate-renewal-windows-mdm.md
index 96a2369975..8b44256d9e 100644
--- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md
+++ b/windows/client-management/certificate-renewal-windows-mdm.md
@@ -8,8 +8,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -30,18 +30,18 @@ Windows supports automatic certificate renewal, also known as Renew On Behalf Of
Auto certificate renewal is the only supported MDM client certificate renewal method for the device that's enrolled using WAB authentication. Meaning, the AuthPolicy is set to Federated. It also means if the server supports WAB authentication, then the MDM certificate enrollment server MUST also support client TLS to renew the MDM client certificate.
-For Windows devices, during the MDM client certificate enrollment phase or during MDM management section, the enrollment server or MDM server could configure the device to support automatic MDM client certificate renewal using [CertificateStore CSP’s](certificatestore-csp.md) ROBOSupport node under CertificateStore/My/WSTEP/Renew URL.
+For Windows devices, during the MDM client certificate enrollment phase or during MDM management section, the enrollment server or MDM server could configure the device to support automatic MDM client certificate renewal using [CertificateStore CSP’s](mdm/certificatestore-csp.md) ROBOSupport node under CertificateStore/My/WSTEP/Renew URL.
With automatic renewal, the PKCS\#7 message content isn’t b64 encoded separately. With manual certificate renewal, there's an additional b64 encoding for PKCS\#7 message content.
-During the automatic certificate renewal process, if the root certificate isn’t trusted by the device, the authentication will fail. Use one of device pre-installed root certificates, or configure the root cert over a DM session using the [CertificateStore CSP](certificatestore-csp.md).
+During the automatic certificate renewal process, if the root certificate isn’t trusted by the device, the authentication will fail. Use one of device pre-installed root certificates, or configure the root cert over a DM session using the [CertificateStore CSP](mdm/certificatestore-csp.md).
During the automatic certificate renew process, the device will deny HTTP redirect request from the server. It won't deny the request if the same redirect URL that the user accepted during the initial MDM enrollment process is used.
The following example shows the details of an automatic renewal request.
```xml
-
@@ -62,7 +62,7 @@ The following example shows the details of an automatic renewal request.
user@contoso.com
+ "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
@@ -73,9 +73,9 @@ The following example shows the details of an automatic renewal request.
http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Renew
-
BinarySecurityTokenInsertedHere
diff --git a/windows/client-management/change-default-removal-policy-external-storage-media.md b/windows/client-management/change-default-removal-policy-external-storage-media.md
index 7a16f17f4d..73fe0c3a57 100644
--- a/windows/client-management/change-default-removal-policy-external-storage-media.md
+++ b/windows/client-management/change-default-removal-policy-external-storage-media.md
@@ -1,7 +1,7 @@
---
title: Windows 10 default media removal policy
description: In Windows 10, version 1809, the default removal policy for external storage media changed from Better performance to Quick removal.
-ms.prod: w10
+ms.prod: windows-client
author: vinaypamnani-msft
ms.author: vinpa
ms.date: 11/25/2020
diff --git a/windows/client-management/change-history-for-mdm-documentation.md b/windows/client-management/change-history-for-mdm-documentation.md
new file mode 100644
index 0000000000..899c2dc399
--- /dev/null
+++ b/windows/client-management/change-history-for-mdm-documentation.md
@@ -0,0 +1,317 @@
+---
+title: Change history for MDM documentation
+description: This article lists new and updated articles for Mobile Device Management.
+author: vinaypamnani-msft
+ms.author: vinpa
+ms.reviewer:
+manager: aaroncz
+ms.topic: article
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.localizationpriority: medium
+ms.date: 11/06/2020
+---
+
+# Change history for Mobile Device Management documentation
+
+As of November 2020 This page will no longer be updated. This article lists new and updated articles for the Mobile Device Management (MDM) documentation. Updated articles are those articles that had content addition, removal, or corrections—minor fixes, such as correction of typos, style, or formatting issues aren't listed.
+
+## November 2020
+
+|New or updated article | Description|
+|--- | ---|
+| [Policy CSP](mdm/policy-configuration-service-provider.md) | Added the following new policy: - [Multitasking/BrowserAltTabBlowout](mdm/policy-csp-multitasking.md#multitasking-browseralttabblowout) |
+| [SurfaceHub CSP](mdm/surfacehub-csp.md) | Added the following new node: -Properties/SleepMode |
+
+## October 2020
+
+|New or updated article | Description|
+|--- | ---|
+| [Policy CSP](mdm/policy-configuration-service-provider.md) | Added the following new policies - [Experience/DisableCloudOptimizedContent](mdm/policy-csp-experience.md#experience-disablecloudoptimizedcontent) - [LocalUsersAndGroups/Configure](mdm/policy-csp-localusersandgroups.md#localusersandgroups-configure) - [MixedReality/AADGroupMembershipCacheValidityInDays](mdm/policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) - [MixedReality/BrightnessButtonDisabled](mdm/policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) - [MixedReality/FallbackDiagnostics](mdm/policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) - [MixedReality/MicrophoneDisabled](mdm/policy-csp-mixedreality.md#mixedreality-microphonedisabled) - [MixedReality/VolumeButtonDisabled](mdm/policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) - [Update/DisableWUfBSafeguards](mdm/policy-csp-update.md#update-disablewufbsafeguards) - [WindowsSandbox/AllowAudioInput](mdm/policy-csp-windowssandbox.md#windowssandbox-allowaudioinput) - [WindowsSandbox/AllowClipboardRedirection](mdm/policy-csp-windowssandbox.md#windowssandbox-allowclipboardredirection) - [WindowsSandbox/AllowNetworking](mdm/policy-csp-windowssandbox.md#windowssandbox-allownetworking) - [WindowsSandbox/AllowPrinterRedirection](mdm/policy-csp-windowssandbox.md#windowssandbox-allowprinterredirection) - [WindowsSandbox/AllowVGPU](mdm/policy-csp-windowssandbox.md#windowssandbox-allowvgpu) - [WindowsSandbox/AllowVideoInput](mdm/policy-csp-windowssandbox.md#windowssandbox-allowvideoinput) |
+
+## September 2020
+
+|New or updated article | Description|
+|--- | ---|
+|[NetworkQoSPolicy CSP](mdm/networkqospolicy-csp.md)|Updated support information of the NetworkQoSPolicy CSP.|
+|[Policy CSP - LocalPoliciesSecurityOptions](mdm/policy-csp-localpoliciessecurityoptions.md)|Removed the following unsupported LocalPoliciesSecurityOptions policy settings from the documentation: - RecoveryConsole_AllowAutomaticAdministrativeLogon - DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways - DomainMember_DigitallyEncryptSecureChannelDataWhenPossible - DomainMember_DisableMachineAccountPasswordChanges - SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems |
+
+## August 2020
+
+|New or updated article | Description|
+|--- | ---|
+|[Policy CSP - System](mdm/policy-csp-system.md)|Removed the following policy settings: - System/AllowDesktopAnalyticsProcessing - System/AllowMicrosoftManagedDesktopProcessing - System/AllowUpdateComplianceProcessing - System/AllowWUfBCloudProcessing |
+
+## July 2020
+
+|New or updated article | Description|
+|--- | ---|
+|[Policy CSP - System](mdm/policy-csp-system.md)|Added the following new policy settings: - System/AllowDesktopAnalyticsProcessing - System/AllowMicrosoftManagedDesktopProcessing - System/AllowUpdateComplianceProcessing - System/AllowWUfBCloudProcessing
Updated the following policy setting: - System/AllowCommercialDataPipeline |
+
+## June 2020
+
+|New or updated article | Description|
+|--- | ---|
+|[BitLocker CSP](mdm/bitlocker-csp.md)|Added SKU support table for **AllowStandardUserEncryption**.|
+|[Policy CSP - NetworkIsolation](mdm/policy-csp-networkisolation.md)|Updated the description from Boolean to Integer for the following policy settings: EnterpriseIPRangesAreAuthoritative, EnterpriseProxyServersAreAuthoritative.|
+
+## May 2020
+
+|New or updated article | Description|
+|--- | ---|
+|[BitLocker CSP](mdm/bitlocker-csp.md)|Added the bitmask table for the Status/DeviceEncryptionStatus node.|
+|[Policy CSP - RestrictedGroups](mdm/policy-csp-restrictedgroups.md)| Updated the topic with more details. Added policy timeline table.
+
+## February 2020
+
+|New or updated article | Description|
+|--- | ---|
+|[CertificateStore CSP](mdm/certificatestore-csp.md) [ClientCertificateInstall CSP](mdm/clientcertificateinstall-csp.md)|Added details about SubjectName value.|
+
+## January 2020
+
+|New or updated article | Description|
+|--- | ---|
+|[Policy CSP - Defender](mdm/policy-csp-defender.md)|Added descriptions for supported actions for Defender/ThreatSeverityDefaultAction.|
+
+## November 2019
+
+|New or updated article | Description|
+|--- | ---|
+|[Policy CSP - DeliveryOptimization](mdm/policy-csp-deliveryoptimization.md)|Added option 5 in the supported values list for DeliveryOptimization/DOGroupIdSource.|
+|[DiagnosticLog CSP](mdm/diagnosticlog-csp.md)|Added substantial updates to this CSP doc.|
+
+## October 2019
+
+|New or updated article | Description|
+|--- | ---|
+|[BitLocker CSP](mdm/bitlocker-csp.md)|Added the following new nodes: ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.|
+|[Defender CSP](mdm/defender-csp.md)|Added the following new nodes: Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.|
+
+## September 2019
+
+|New or updated article | Description|
+|--- | ---|
+|[EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md)|Added the following new node: IsStub.|
+|[Policy CSP - Defender](mdm/policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.|
+|[Policy CSP - DeviceInstallation](mdm/policy-csp-deviceinstallation.md)|Added the following new policies: DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.|
+
+## August 2019
+
+|New or updated article | Description|
+|--- | ---|
+|[DiagnosticLog CSP](mdm/diagnosticlog-csp.md) [DiagnosticLog DDF](mdm/diagnosticlog-ddf.md)|Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes: Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelName/MaximumFileSize, Policy/Channels/ChannelName/SDDL, Policy/Channels/ChannelName/ActionWhenFull, Policy/Channels/ChannelName/Enabled, DiagnosticArchive, DiagnosticArchive/ArchiveDefinition, DiagnosticArchive/ArchiveResults.|
+|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Enhanced the article to include more reference links and the following two topics: Verify auto-enrollment requirements and settings, Troubleshoot auto-enrollment of devices.|
+
+## July 2019
+
+|New or updated article | Description|
+|--- | ---|
+|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following list: Policies supported by HoloLens 2|
+|[ApplicationControl CSP](mdm/applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.|
+|[PassportForWork CSP](mdm/passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903: SecurityKey, SecurityKey/UseSecurityKeyForSignin|
+|[Policy CSP - Privacy](mdm/policy-csp-privacy.md)|Added the following new policies: LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
+|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs isn't currently supported: Create a custom configuration service provider Design a custom configuration service provider IConfigServiceProvider2 IConfigServiceProvider2::ConfigManagerNotification IConfigServiceProvider2::GetNode ICSPNode ICSPNode::Add ICSPNode::Clear ICSPNode::Copy ICSPNode::DeleteChild ICSPNode::DeleteProperty ICSPNode::Execute ICSPNode::GetChildNodeNames ICSPNode::GetProperty ICSPNode::GetPropertyIdentifiers ICSPNode::GetValue ICSPNode::Move ICSPNode::SetProperty ICSPNode::SetValue ICSPNodeTransactioning ICSPValidate Samples for writing a custom configuration service provider.|
+
+## June 2019
+
+|New or updated article | Description|
+|--- | ---|
+|[Policy CSP - DeviceHealthMonitoring](mdm/policy-csp-devicehealthmonitoring.md)|Added the following new policies: AllowDeviceHealthMonitoring, ConfigDeviceHealthMonitoringScope, ConfigDeviceHealthMonitoringUploadDestination.|
+|[Policy CSP - TimeLanguageSettings](mdm/policy-csp-timelanguagesettings.md)|Added the following new policy: ConfigureTimeZone.|
+
+## May 2019
+
+|New or updated article | Description|
+|--- | ---|
+|[DeviceStatus CSP](mdm/devicestatus-csp.md)|Updated description of the following nodes: DeviceStatus/Antivirus/SignatureStatus, DeviceStatus/Antispyware/SignatureStatus.|
+|[EnrollmentStatusTracking CSP](mdm/enrollmentstatustracking-csp.md)|Added new CSP in Windows 10, version 1903.|
+|[Policy CSP - DeliveryOptimization](mdm/policy-csp-deliveryoptimization.md)|Added the following new policies: DODelayCacheServerFallbackBackground, DODelayCacheServerFallbackForeground.
Updated description of the following policies: DOMinRAMAllowedToPeer, DOMinFileSizeToCache, DOMinDiskSizeAllowedToPeer.|
+|[Policy CSP - Experience](mdm/policy-csp-experience.md)|Added the following new policy: ShowLockOnUserTile.|
+|[Policy CSP - InternetExplorer](mdm/policy-csp-internetexplorer.md)|Added the following new policies: AllowEnhancedSuggestionsInAddressBar, DisableActiveXVersionListAutoDownload, DisableCompatView, DisableFeedsBackgroundSync, DisableGeolocation, DisableWebAddressAutoComplete, NewTabDefaultPage.|
+|[Policy CSP - Power](mdm/policy-csp-power.md)|Added the following new policies: EnergySaverBatteryThresholdOnBattery, EnergySaverBatteryThresholdPluggedIn, SelectLidCloseActionOnBattery, SelectLidCloseActionPluggedIn, SelectPowerButtonActionOnBattery, SelectPowerButtonActionPluggedIn, SelectSleepButtonActionOnBattery, SelectSleepButtonActionPluggedIn, TurnOffHybridSleepOnBattery, TurnOffHybridSleepPluggedIn, UnattendedSleepTimeoutOnBattery, UnattendedSleepTimeoutPluggedIn.|
+|[Policy CSP - Search](mdm/policy-csp-search.md)|Added the following new policy: AllowFindMyFiles.|
+|[Policy CSP - ServiceControlManager](mdm/policy-csp-servicecontrolmanager.md)|Added the following new policy: SvchostProcessMitigation.|
+|[Policy CSP - System](mdm/policy-csp-system.md)|Added the following new policies: AllowCommercialDataPipeline, TurnOffFileHistory.|
+|[Policy CSP - Troubleshooting](mdm/policy-csp-troubleshooting.md)|Added the following new policy: AllowRecommendations.|
+|[Policy CSP - Update](mdm/policy-csp-update.md)|Added the following new policies: AutomaticMaintenanceWakeUp, ConfigureDeadlineForFeatureUpdates, ConfigureDeadlineForQualityUpdates, ConfigureDeadlineGracePeriod, ConfigureDeadlineNoAutoReboot.|
+|[Policy CSP - WindowsLogon](mdm/policy-csp-windowslogon.md)|Added the following new policies: AllowAutomaticRestartSignOn, ConfigAutomaticRestartSignOn, EnableFirstLogonAnimation.
Removed the following policy: SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart. This policy is replaced by AllowAutomaticRestartSignOn.|
+
+## April 2019
+
+| New or updated article | Description |
+|-------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) | Added the following warning at the end of the Overview section: Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it doesn't. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. |
+| [Policy CSP - UserRights](mdm/policy-csp-userrights.md) | Added a note stating if you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag () to wrap the data fields. |
+
+## March 2019
+
+|New or updated article | Description|
+|--- | ---|
+|[Policy CSP - Storage](mdm/policy-csp-storage.md)|Updated ADMX Info of the following policies: AllowStorageSenseGlobal, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseCloudContentDehydrationThreshold, ConfigStorageSenseDownloadsCleanupThreshold, ConfigStorageSenseGlobalCadence, ConfigStorageSenseRecycleBinCleanupThreshold.
Updated description of ConfigStorageSenseDownloadsCleanupThreshold.|
+
+## February 2019
+
+|New or updated article | Description|
+|--- | ---|
+|[Policy CSP](mdm/policy-configuration-service-provider.md)|Updated supported policies for Holographic.|
+
+## January 2019
+
+|New or updated article | Description|
+|--- | ---|
+|[Policy CSP - Storage](mdm/policy-csp-storage.md)|Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.|
+|[SharedPC CSP](mdm/sharedpc-csp.md)|Updated values and supported operations.|
+|[Mobile device management](mdm/index.yml)|Updated information about MDM Security Baseline.|
+
+## December 2018
+
+|New or updated article | Description|
+|--- | ---|
+|[BitLocker CSP](mdm/bitlocker-csp.md)|Updated AllowWarningForOtherDiskEncryption policy description to describe silent and non-silent encryption scenarios, as well as where and how the recovery key is backed up for each scenario.|
+
+## September 2018
+
+|New or updated article | Description|
+|--- | ---|
+|[Policy CSP - DeviceGuard](mdm/policy-csp-deviceguard.md) | Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.|
+
+## August 2018
+
+|New or updated article|Description|
+|--- |--- |
+|[BitLocker CSP](mdm/bitlocker-csp.md)|Added support for Windows 10 Pro starting in the version 1809.|
+|[Office CSP](mdm/office-csp.md)|Added FinalStatus setting in Windows 10, version 1809.|
+|[RemoteWipe CSP](mdm/remotewipe-csp.md)|Added new settings in Windows 10, version 1809.|
+|[TenantLockdown CSP](mdm/tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.|
+|[WindowsDefenderApplicationGuard CSP](mdm/windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.|
+|[Policy DDF file](mdm/policy-ddf-file.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.|
+|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
Start/DisableContextMenus - added in Windows 10, version 1803.
RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.|
+
+## July 2018
+
+|New or updated article|Description|
+|--- |--- |
+|[AssignedAccess CSP](mdm/assignedaccess-csp.md)|Added the following note:
You can only assign one single app kiosk profile to an individual user account on a device. The single app profile doesn't support domain groups.|
+|[PassportForWork CSP](mdm/passportforwork-csp.md)|Added new settings in Windows 10, version 1809.|
+|[EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md)|Added NonRemovable setting under AppManagement node in Windows 10, version 1809.|
+|[Win32CompatibilityAppraiser CSP](mdm/win32compatibilityappraiser-csp.md)|Added new configuration service provider in Windows 10, version 1809.|
+|[WindowsLicensing CSP](mdm/windowslicensing-csp.md)|Added S mode settings and SyncML examples in Windows 10, version 1809.|
+|[SUPL CSP](mdm/supl-csp.md)|Added three new certificate nodes in Windows 10, version 1809.|
+|[Defender CSP](mdm/defender-csp.md)|Added a new node Health/ProductStatus in Windows 10, version 1809.|
+|[BitLocker CSP](mdm/bitlocker-csp.md)|Added a new node AllowStandardUserEncryption in Windows 10, version 1809.|
+|[DevDetail CSP](mdm/devdetail-csp.md)|Added a new node SMBIOSSerialNumber in Windows 10, version 1809.|
+|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
DataUsage/SetCost3G - deprecated in Windows 10, version 1809.|
+
+## June 2018
+
+|New or updated article|Description|
+|--- |--- |
+|[Wifi CSP](mdm/wifi-csp.md)|Added a new node WifiCost in Windows 10, version 1809.|
+|[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)|Recent changes:
Added procedure for collecting logs remotely from Windows 10 Holographic.
Added procedure for downloading the MDM Diagnostic Information log.|
+|[BitLocker CSP](mdm/bitlocker-csp.md)|Added new node AllowStandardUserEncryption in Windows 10, version 1809.|
+|[Policy CSP](mdm/policy-configuration-service-provider.md)|Recent changes:
AccountPoliciesAccountLockoutPolicy
AccountLockoutDuration - removed from docs. Not supported.
AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
System/AllowFontProviders isn't supported in HoloLens (first gen) Commercial Suite.
Security/RequireDeviceEncryption is supported in the Home SKU.
Start/StartLayout - added a table of SKU support information.
Start/ImportEdgeAssets - added a table of SKU support information.
Added the following new policies in Windows 10, version 1809:
Update/SetDisableUXWUAccess|
+|[WiredNetwork CSP](mdm/wirednetwork-csp.md)|New CSP added in Windows 10, version 1809.|
+
+## May 2018
+
+|New or updated article|Description|
+|--- |--- |
+|[Policy DDF file](mdm/policy-ddf-file.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.
[Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
[Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)|
+
+## April 2018
+
+|New or updated article|Description|
+|--- |--- |
+|[WindowsDefenderApplicationGuard CSP](mdm/windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:
Settings/AllowVirtualGPU
Settings/SaveFilesToHost|
+|[NetworkProxy CSP](mdm/networkproxy-csp.md)|Added the following node in Windows 10, version 1803:
ProxySettingsPerUser|
+|[Accounts CSP](mdm/accounts-csp.md)|Added a new CSP in Windows 10, version 1803.|
+|[CSP DDF files download](mdm/configuration-service-provider-ddf.md)|Added the DDF download of Windows 10, version 1803 configuration service providers.|
+|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers|
+
+## March 2018
+
+|New or updated article|Description|
+|--- |--- |
+|[eUICCs CSP](mdm/euiccs-csp.md)|Added the following node in Windows 10, version 1803:
IsEnabled|
+|[DeviceStatus CSP](mdm/devicestatus-csp.md)|Added the following node in Windows 10, version 1803:
OS/Mode|
+|[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)|Added the following videos:
[How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)
[How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)|
+|[AccountManagement CSP](mdm/accountmanagement-csp.md)|Added a new CSP in Windows 10, version 1803.|
+|[RootCATrustedCertificates CSP](mdm/rootcacertificates-csp.md)|Added the following node in Windows 10, version 1803:
UntrustedCertificates|
+|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
Browser/AllowCookies - updated the supported values. There are three values - 0, 1, 2.
InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.
Added a new section:
[[Policies in Policy CSP supported by Group Policy](mdm/policies-in-policy-csp-supported-by-group-policy.md) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.|
+|[Policy CSP - Bluetooth](mdm/policy-csp-bluetooth.md)|Added new section [ServicesAllowedList usage guide](mdm/policy-csp-bluetooth.md#servicesallowedlist-usage-guide).|
+|[MultiSIM CSP](mdm/multisim-csp.md)|Added SyncML examples and updated the settings descriptions.|
+|[RemoteWipe CSP](mdm/remotewipe-csp.md)|Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.|
+
+## February 2018
+
+|New or updated article|Description|
+|--- |--- |
+|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
TextInput/TouchKeyboardWideModeAvailability|
+|[VPNv2 ProfileXML XSD](mdm/vpnv2-profile-xsd.md)|Updated the XSD and Plug-in profile example for VPNv2 CSP.|
+|[AssignedAccess CSP](mdm/assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:
Status
ShellLauncher
StatusConfiguration
Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (first gen) Commercial Suite. Added example for HoloLens (first gen) Commercial Suite.|
+|[MultiSIM CSP](mdm/multisim-csp.md)|Added a new CSP in Windows 10, version 1803.|
+|[EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md)|Added the following node in Windows 10, version 1803:
MaintainProcessorArchitectureOnUpdate|
+
+## January 2018
+
+|New or updated article|Description|
+|--- |--- |
+|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
Added the following policies in Windows 10, version 1709
DeviceLock/MinimumPasswordAge
Settings/AllowOnlineTips
System/DisableEnterpriseAuthProxy
Security/RequireDeviceEncryption - updated to show it's supported in desktop.|
+|[BitLocker CSP](mdm/bitlocker-csp.md)|Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.|
+|[EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md)|Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.|
+|[DMClient CSP](mdm/dmclient-csp.md)|Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
AADSendDeviceToken
BlockInStatusPage
AllowCollectLogsButton
CustomErrorText
SkipDeviceStatusPage
SkipUserStatusPage|
+|[Defender CSP](mdm/defender-csp.md)|Added new node (OfflineScan) in Windows 10, version 1803.|
+|[UEFI CSP](mdm/uefi-csp.md)|Added a new CSP in Windows 10, version 1803.|
+|[Update CSP](mdm/update-csp.md)|Added the following nodes in Windows 10, version 1803:
Rollback
Rollback/FeatureUpdate
Rollback/QualityUpdateStatus
Rollback/FeatureUpdateStatus|
+
+## December 2017
+
+|New or updated article|Description|
+|--- |--- |
+|[Configuration service provider reference](mdm/index.yml)|Added new section [CSP DDF files download](mdm/configuration-service-provider-ddf.md)|
+
+## November 2017
+
+|New or updated article|Description|
+|--- |--- |
+|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following policies for Windows 10, version 1709:
Search/AllowWindowsIndexer|
+
+## October 2017
+
+| New or updated article | Description |
+| --- | --- |
+| [Policy DDF file](mdm/policy-ddf-file.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. |
+| [Policy CSP](mdm/policy-configuration-service-provider.md) | Updated the following policies:
- Defender/ControlledFolderAccessAllowedApplications - string separator is `|` - Defender/ControlledFolderAccessProtectedFolders - string separator is `|` |
+| [eUICCs CSP](mdm/euiccs-csp.md) | Added new CSP in Windows 10, version 1709. |
+| [AssignedAccess CSP](mdm/assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. |
+| [DMClient CSP](mdm/dmclient-csp.md) | Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. |
+
+## September 2017
+
+|New or updated article|Description|
+|--- |--- |
+|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.|
+|[AssignedAccess CSP](mdm/assignedaccess-csp.md)|Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.|
+|Microsoft Store for Business and Microsoft Store|Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.|
+|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
DomainName - fully qualified domain name if the device is domain-joined.
For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.|
+|[EnterpriseAPN CSP](mdm/enterpriseapn-csp.md)|Added a SyncML example.|
+|[VPNv2 CSP](mdm/vpnv2-csp.md)|Added RegisterDNS setting in Windows 10, version 1709.|
+|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Added new topic to introduce a new Group Policy for automatic MDM enrollment.|
+|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:
User sees installation progress of critical policies during MDM enrollment.
User knows what policies, profiles, apps MDM has configured
IT helpdesk can get detailed MDM diagnostic information using client tools
For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)|
+
+## August 2017
+
+|New or updated article|Description|
+|--- |--- |
+|[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)|Added new step-by-step guide to enable ADMX-backed policies.|
+|[Mobile device enrollment](mobile-device-enrollment.md)|Added the following statement:
Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.|
+|[CM_CellularEntries CSP](mdm/cm-cellularentries-csp.md)|Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.|
+|[EnterpriseDataProtection CSP](mdm/enterprisedataprotection-csp.md)|Updated the Settings/EDPEnforcementLevel values to the following values:
0 (default) – Off / No protection (decrypts previously protected data).
1 – Silent mode (encrypt and audit only).
2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
3 – Hides overrides (encrypt, prompt but hide overrides, and audit).|
+|[AppLocker CSP](mdm/applocker-csp.md)|Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in [Allowlist examples](mdm/applocker-csp.md#allow-list-examples).|
+|[DeviceManageability CSP](mdm/devicemanageability-csp.md)|Added the following settings in Windows 10, version 1709:
Provider/ProviderID/ConfigInfo
Provider/ProviderID/EnrollmentInfo|
+|[Office CSP](mdm/office-csp.md)|Added the following setting in Windows 10, version 1709:
Installation/CurrentStatus|
+|[BitLocker CSP](mdm/bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to four digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.|
+|[Firewall CSP](mdm/firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:
Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
Changed some data types from integer to bool.
Updated the list of supported operations for some settings.
Added default values.|
+|[Policy DDF file](mdm/policy-ddf-file.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:
Browser/AllowMicrosoftCompatibilityList
Update/DisableDualScan
Update/FillEmptyContentUrls|
+|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.
Changed the names of the following policies:
Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess
Added links to the extra [ADMX-backed BitLocker policies](mdm/policy-csp-bitlocker.md).
There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:
Start/HideAppList|
diff --git a/windows/client-management/mdm/config-lock.md b/windows/client-management/config-lock.md
similarity index 63%
rename from windows/client-management/mdm/config-lock.md
rename to windows/client-management/config-lock.md
index a9339f8e76..8725bda82d 100644
--- a/windows/client-management/mdm/config-lock.md
+++ b/windows/client-management/config-lock.md
@@ -4,8 +4,8 @@ description: A secured-core PC (SCPC) feature that prevents configuration drift
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w11
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 05/24/2022
---
@@ -81,50 +81,50 @@ Config lock is designed to ensure that a secured-core PC isn't unintentionally m
|**CSPs** |
|-----|
-|[BitLocker](bitlocker-csp.md) |
-|[PassportForWork](passportforwork-csp.md) |
-|[WindowsDefenderApplicationGuard](windowsdefenderapplicationguard-csp.md) |
-|[ApplicationControl](applicationcontrol-csp.md)
+|[BitLocker](mdm/bitlocker-csp.md) |
+|[PassportForWork](mdm/passportforwork-csp.md) |
+|[WindowsDefenderApplicationGuard](mdm/windowsdefenderapplicationguard-csp.md) |
+|[ApplicationControl](mdm/applicationcontrol-csp.md)
|**MDM policies** | **Supported by Group Policy** |
|-----|-----|
-|[DataProtection/AllowDirectMemoryAccess](policy-csp-dataprotection.md) | No |
-|[DataProtection/LegacySelectiveWipeID](policy-csp-dataprotection.md) | No |
-|[DeviceGuard/ConfigureSystemGuardLaunch](policy-csp-deviceguard.md) | Yes |
-|[DeviceGuard/EnableVirtualizationBasedSecurity](policy-csp-deviceguard.md) | Yes |
-|[DeviceGuard/LsaCfgFlags](policy-csp-deviceguard.md) | Yes |
-|[DeviceGuard/RequirePlatformSecurityFeatures](policy-csp-deviceguard.md) | Yes |
-|[DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](policy-csp-deviceinstallation.md) | Yes |
-|[DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md) | Yes |
-|[DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](policy-csp-deviceinstallation.md) | Yes |
-|[DeviceInstallation/PreventDeviceMetadataFromNetwork](policy-csp-deviceinstallation.md) | Yes |
-|[DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](policy-csp-deviceinstallation.md) | Yes |
-|[DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](policy-csp-deviceinstallation.md) | Yes |
-|[DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md) | Yes |
-|[DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](policy-csp-deviceinstallation.md) | Yes |
-|[DmaGuard/DeviceEnumerationPolicy](policy-csp-dmaguard.md) | Yes |
-|[WindowsDefenderSecurityCenter/CompanyName](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableAccountProtectionUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableAppBrowserUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableClearTpmButton](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableEnhancedNotifications](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableFamilyUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableHealthUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableNetworkUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableNotifications](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](policy-csp-windowsdefendersecuritycenter.md)| Yes |
-|[WindowsDefenderSecurityCenter/DisableVirusUI](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/Email](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/EnableCustomizedToasts](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/EnableInAppCustomization](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/HideSecureBoot](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/HideTPMTroubleshooting](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/Phone](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/URL](policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[SmartScreen/EnableAppInstallControl](policy-csp-smartscreen.md)| Yes |
-|[SmartScreen/EnableSmartScreenInShell](policy-csp-smartscreen.md) | Yes |
-|[SmartScreen/PreventOverrideForFilesInShell](policy-csp-smartscreen.md) | Yes |
+|[DataProtection/AllowDirectMemoryAccess](mdm/policy-csp-dataprotection.md) | No |
+|[DataProtection/LegacySelectiveWipeID](mdm/policy-csp-dataprotection.md) | No |
+|[DeviceGuard/ConfigureSystemGuardLaunch](mdm/policy-csp-deviceguard.md) | Yes |
+|[DeviceGuard/EnableVirtualizationBasedSecurity](mdm/policy-csp-deviceguard.md) | Yes |
+|[DeviceGuard/LsaCfgFlags](mdm/policy-csp-deviceguard.md) | Yes |
+|[DeviceGuard/RequirePlatformSecurityFeatures](mdm/policy-csp-deviceguard.md) | Yes |
+|[DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](mdm/policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](mdm/policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](mdm/policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventDeviceMetadataFromNetwork](mdm/policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](mdm/policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](mdm/policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](mdm/policy-csp-deviceinstallation.md) | Yes |
+|[DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](mdm/policy-csp-deviceinstallation.md) | Yes |
+|[DmaGuard/DeviceEnumerationPolicy](mdm/policy-csp-dmaguard.md) | Yes |
+|[WindowsDefenderSecurityCenter/CompanyName](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableAccountProtectionUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableAppBrowserUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableClearTpmButton](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableEnhancedNotifications](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableFamilyUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableHealthUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableNetworkUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableNotifications](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](mdm/policy-csp-windowsdefendersecuritycenter.md)| Yes |
+|[WindowsDefenderSecurityCenter/DisableVirusUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/Email](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/EnableCustomizedToasts](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/EnableInAppCustomization](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/HideSecureBoot](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/HideTPMTroubleshooting](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/Phone](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[WindowsDefenderSecurityCenter/URL](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
+|[SmartScreen/EnableAppInstallControl](mdm/policy-csp-smartscreen.md)| Yes |
+|[SmartScreen/EnableSmartScreenInShell](mdm/policy-csp-smartscreen.md) | Yes |
+|[SmartScreen/PreventOverrideForFilesInShell](mdm/policy-csp-smartscreen.md) | Yes |
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index a2b2682d33..d95c178ea4 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -1,7 +1,7 @@
---
title: Connect to remote Azure Active Directory-joined PC (Windows)
description: You can use Remote Desktop Connection to connect to an Azure AD-joined PC.
-ms.prod: w10
+ms.prod: windows-client
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.author: vinpa
@@ -83,6 +83,9 @@ The table below lists the supported configurations for remotely connecting to an
> [!NOTE]
> If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities).
+> [!NOTE]
+> When an Azure Active Directory group is added to the Remote Desktop Users group on a Windows device, it isn't honoured when the user that belongs to the Azure AD group logs in through Remote Desktop Protocol (they can't sign in using Remote Desktop Connection). In this scenario, Network Level Authentication should be disabled to run the connection.
+
## Related topics
[How to use Remote Desktop](https://support.microsoft.com/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c)
diff --git a/windows/client-management/data-collection-for-802-authentication.md b/windows/client-management/data-collection-for-802-authentication.md
deleted file mode 100644
index 686860ae52..0000000000
--- a/windows/client-management/data-collection-for-802-authentication.md
+++ /dev/null
@@ -1,382 +0,0 @@
----
-title: Data collection for troubleshooting 802.1X authentication
-ms.reviewer:
-manager: dansimp
-description: Use the steps in this article to collect data that can be used to troubleshoot 802.1X authentication issues.
-ms.prod: w10
-author: dansimp
-ms.localizationpriority: medium
-ms.author: dansimp
-ms.topic: troubleshooting
----
-
-# Data collection for troubleshooting 802.1X authentication
-
-Use the following steps to collect data that can be used to troubleshoot 802.1X authentication issues. When you have collected data, see [Advanced troubleshooting 802.1X authentication](advanced-troubleshooting-802-authentication.md).
-
-## Capture wireless/wired functionality logs
-
-Use the following steps to collect wireless and wired logs on Windows and Windows Server:
-
-1. Create C:\MSLOG on the client machine to store captured logs.
-2. Launch an elevated command prompt on the client machine, and run the following commands to start a RAS trace log and a Wireless/Wired scenario log.
-
- **Wireless Windows 8.1, Windows 10, and Windows 11:**
- ```
- netsh ras set tracing * enabled
- netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl
- ```
-
- **Wireless Windows 7 and Windows 8:**
- ```
- netsh ras set tracing * enabled
- netsh trace start scenario=wlan,wlan_wpp,wlan_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl
- ```
-
- **Wired client, regardless of version**
- ```
- netsh ras set tracing * enabled
- netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_cli.etl
- ```
-
-3. Run the following command to enable CAPI2 logging and increase the size:
- ```
- wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
- wevtutil sl Microsoft-Windows-CAPI2/Operational /ms:104857600
- ```
-
-4. Create C:\MSLOG on the NPS to store captured logs.
-
-5. Launch an elevated command prompt on the NPS server and run the following commands to start a RAS trace log and a Wireless/Wired scenario log:
-
- **Windows Server 2012 R2, Windows Server 2016 wireless network:**
- ```
- netsh ras set tracing * enabled
- netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl
- ```
-
- **Windows Server 2008 R2, Windows Server 2012 wireless network**
- ```
- netsh ras set tracing * enabled
- netsh trace start scenario=wlan,wlan_wpp,wlan_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl
- ```
-
- **Wired network**
- ```
- netsh ras set tracing * enabled
- netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_nps.etl
- ```
-
-6. Run the following command to enable CAPI2 logging and increase the size:
- ```
- wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
- wevtutil sl Microsoft-Windows-CAPI2/Operational /ms:104857600
- ```
-7. Run the following command from the command prompt on the client machine and start PSR to capture screen images:
-
- > [!NOTE]
- > When the mouse button is clicked, the cursor will blink in red while capturing a screen image.
-
- ```
- psr /start /output c:\MSLOG\%computername%_psr.zip /maxsc 100
- ```
-8. Repro the issue.
-9. Run the following command on the client PC to stop the PSR capturing:
-
- ```
- psr /stop
- ```
-
-10. Run the following commands from the command prompt on the NPS server.
-
- - To stop RAS trace log and wireless scenario log:
-
- ```
- netsh trace stop
- netsh ras set tracing * disabled
- ```
- - To disable and copy CAPI2 log:
-
- ```
- wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false
- wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx
- ```
-
-11. Run the following commands on the client PC.
- - To stop RAS trace log and wireless scenario log:
- ```
- netsh trace stop
- netsh ras set tracing * disabled
- ```
-
- - To disable and copy the CAPI2 log:
- ```
- wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false
- wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx
- ```
-
-12. Save the following logs on the client and the NPS:
-
- **Client**
- - C:\MSLOG\%computername%_psr.zip
- - C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx
- - C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl
- - C:\MSLOG\%COMPUTERNAME%_wireless_cli.cab
- - All log files and folders in %Systemroot%\Tracing
-
- **NPS**
- - C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx
- - C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl (%COMPUTERNAME%_wired_nps.etl for wired scenario)
- - C:\MSLOG\%COMPUTERNAME%_wireless_nps.cab (%COMPUTERNAME%_wired_nps.cab for wired scenario)
- - All log files and folders in %Systemroot%\Tracing
-
-## Save environment and configuration information
-
-### On Windows client
-
-1. Create C:\MSLOG to store captured logs.
-2. Launch a command prompt as an administrator.
-3. Run the following commands.
- - Environment information and Group Policy application status
-
- ```
- gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.htm
- msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt
- ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt
- route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt
- ```
- - Event logs
-
- ```
- wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx
- wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx
- wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx
- wevtutil epl Microsoft-Windows-GroupPolicy/Operational C:\MSLOG\%COMPUTERNAME%_GroupPolicy_Operational.evtx
- wevtutil epl "Microsoft-Windows-WLAN-AutoConfig/Operational" c:\MSLOG\%COMPUTERNAME%_Microsoft-Windows-WLAN-AutoConfig-Operational.evtx
- wevtutil epl "Microsoft-Windows-Wired-AutoConfig/Operational" c:\MSLOG\%COMPUTERNAME%_Microsoft-Windows-Wired-AutoConfig-Operational.evtx
- wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
- wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
- ```
- - For Windows 8 and later, also run these commands for event logs:
-
- ```
- wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
- wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-User_Operational.evtx
- wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServices-Deployment_Operational.evtx
- ```
- - Certificates Store information:
-
- ```
- certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt
- certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt
- certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt
- certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt
- certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt
- certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt
- certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt
- certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt
- certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt
- certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt
- certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt
- certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt
- certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt
- certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt
- certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt
- certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt
- certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt
- certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt
- certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt
- certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt
- certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt
- certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt
- certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt
- certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt
- certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt
- certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt
- certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt
- certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt
- certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt
- certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt
- certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt
- ```
- - Wireless LAN client information:
-
- ```
- netsh wlan show all > c:\MSLOG\%COMPUTERNAME%_wlan_show_all.txt
- netsh wlan export profile folder=c:\MSLOG\
- ```
- - Wired LAN Client information
-
- ```
- netsh lan show interfaces > c:\MSLOG\%computername%_lan_interfaces.txt
- netsh lan show profiles > c:\MSLOG\%computername%_lan_profiles.txt
- netsh lan show settings > c:\MSLOG\%computername%_lan_settings.txt
- netsh lan export profile folder=c:\MSLOG\
- ```
-4. Save the logs stored in C:\MSLOG.
-
-### On NPS
-
-1. Create C:\MSLOG to store captured logs.
-2. Launch a command prompt as an administrator.
-3. Run the following commands.
- - Environmental information and Group Policies application status:
-
- ```
- gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.txt
- msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt
- ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt
- route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt
- ```
- - Event logs:
-
- ```
- wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx
- wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx
- wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx
- wevtutil epl Microsoft-Windows-GroupPolicy/Operational c:\MSLOG\%COMPUTERNAME%_GroupPolicy_Operational.evtx
- wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
- wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
- ```
- - Run the following commands on Windows Server 2012 and later:
-
- ```
- wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
- wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-User_Operational.evtx
- wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServices-Deployment_Operational.evtx
- ```
- - Certificates store information
-
- ```
- certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt
- certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt
- certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt
- certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt
- certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt
- certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt
- certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt
- certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt
- certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt
- certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt
- certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt
- certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt
- certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt
- certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt
- certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt
- certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt
- certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt
- certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt
- certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt
- certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt
- certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt
- certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt
- certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt
- certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt
- certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt
- certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt
- certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt
- certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt
- certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt
- certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt
- certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt
- ```
- - NPS configuration information:
-
- ```
- netsh nps show config > C:\MSLOG\%COMPUTERNAME%_nps_show_config.txt
- netsh nps export filename=C:\MSLOG\%COMPUTERNAME%_nps_export.xml exportPSK=YES
- ```
-3. Take the following steps to save an NPS accounting log.
- 1. Open **Administrative tools > Network Policy Server**.
- 2. On the Network Policy Server administration tool, select **Accounting** in the left pane.
- 3. Click **Change Log File Properties**.
- 4. On the **Log File** tab, note the log file naming convention shown as **Name** and the log file location shown in **Directory** box.
- 5. Copy the log file to C:\MSLOG.
-
-4. Save the logs stored in C:\MSLOG.
-
-## Certification Authority (CA) (OPTIONAL)
-
-1. On a CA, launch a command prompt as an administrator. Create C:\MSLOG to store captured logs.
-2. Run the following commands.
- - Environmental information and Group Policies application status
-
- ```
- gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.txt
- msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt
- ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt
- route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt
- ```
- - Event logs
-
- ```
- wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx
- wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx
- wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx
- wevtutil epl Microsoft-Windows-GroupPolicy/Operational c:\MSLOG\%COMPUTERNAME%_GroupPolicy_Operational.evtx
- wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
- wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
- ```
- - Run the following lines on Windows 2012 and up
-
- ```
- wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
- wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-User_Operational.evtx
- wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServices-Deployment_Operational.evtx
- ```
- - Certificates store information
-
- ```
- certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt
- certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt
- certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt
- certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt
- certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt
- certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt
- certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt
- certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt
- certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt
- certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt
- certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt
- certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt
- certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt
- certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt
- certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt
- certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt
- certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt
- certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt
- certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt
- certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt
- certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt
- certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt
- certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt
- certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt
- certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt
- certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt
- certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt
- certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt
- certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt
- certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt
- certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt
- ```
- - CA configuration information
-
- ```
- reg save HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%_CertSvc.hiv
- reg export HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%_CertSvc.txt
- reg save HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.hiv
- reg export HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.txt
- ```
-3. Copy the following files, if exist, to C:\MSLOG: %windir%\CAPolicy.inf
-4. Sign in to a domain controller and create C:\MSLOG to store captured logs.
-5. Launch Windows PowerShell as an administrator.
-6. Run the following PowerShell cmdlets. Replace the domain name in ";.. ,DC=test,DC=local"; with appropriate domain name. The example shows commands for "; test.local"; domain.
-
- ```powershell
- Import-Module ActiveDirectory
- Get-ADObject -SearchBase ";CN=Public Key Services,CN=Services,CN=Configuration,DC=test,DC=local"; -Filter * -Properties * | fl * > C:\MSLOG\Get-ADObject_$Env:COMPUTERNAME.txt
- ```
-7. Save the following logs.
- - All files in C:\MSLOG on the CA
- - All files in C:\MSLOG on the domain controller
-
diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/data-structures-windows-store-for-business.md
similarity index 99%
rename from windows/client-management/mdm/data-structures-windows-store-for-business.md
rename to windows/client-management/data-structures-windows-store-for-business.md
index e39e9c9e12..b0f8d8a0f9 100644
--- a/windows/client-management/mdm/data-structures-windows-store-for-business.md
+++ b/windows/client-management/data-structures-windows-store-for-business.md
@@ -8,8 +8,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md
deleted file mode 100644
index 54cd623df2..0000000000
--- a/windows/client-management/determine-appropriate-page-file-size.md
+++ /dev/null
@@ -1,129 +0,0 @@
----
-title: How to determine the appropriate page file size for 64-bit versions of Windows
-description: Learn how to determine the appropriate page file size for 64-bit versions of Windows.
-ms.prod: w10
-ms.topic: troubleshooting
-author: Deland-Han
-ms.localizationpriority: medium
-ms.author: delhan
-ms.date: 8/28/2019
-ms.reviewer: dcscontentpm
-manager: dansimp
-ms.collection: highpri
----
-
-# How to determine the appropriate page file size for 64-bit versions of Windows
-
-Page file sizing depends on the system crash dump setting requirements and the peak usage or expected peak usage of the system commit charge. Both considerations are unique to each system, even for systems that are identical. This uniqueness means that page file sizing is also unique to each system and can't be generalized.
-
-## Determine the appropriate page file size
-
-Use the following considerations for page file sizing for all versions of Windows and Windows Server.
-
-### Crash dump setting
-
-If you want a crash dump file to be created during a system crash, a page file or a dedicated dump file must exist and be large enough to back up the system crash dump setting. Otherwise, a system memory dump file isn't created.
-
-For more information, see [Support for system crash dumps](introduction-page-file.md#support-for-system-crash-dumps) section.
-
-### Peak system commit charge
-
-The system commit charge can't exceed the system commit limit. This limit is the sum of physical memory (RAM) and all page files combined. If no page files exist, the system commit limit is slightly less than the physical memory that is installed. Peak system-committed memory usage can vary greatly between systems. Therefore, physical memory and page file sizing also vary.
-
-### Quantity of infrequently accessed pages
-
-The purpose of a page file is to *back* (support) infrequently accessed modified pages so that they can be removed from physical memory. This removal provides more available space for more frequently accessed pages. The "\Memory\Modified Page List Bytes" performance counter measures, in part, the number of infrequently accessed modified pages that are destined for the hard disk. However, not all the memory on the modified page list is written out to disk. Typically, several hundred megabytes of memory remains resident on the modified list. Therefore, consider extending or adding a page file if all the following conditions are true:
-
-- More available physical memory (\Memory\Available MBytes) is required.
-
-- The modified page list contains a significant amount of memory.
-
-- The existing page files are fairly full (\Paging Files(*)\% Usage).
-
-## Support for system crash dumps
-
-A system crash (also known as a “bug check” or a "Stop error") occurs when the system can't run correctly. The dump file that is produced from this event is called a system crash dump. A page file or dedicated dump file is used to write a crash dump file (Memory.dmp) to disk. Therefore, a page file or a dedicated dump file must be large enough to support the kind of crash dump selected. Otherwise, the system can't create the crash dump file.
-
->[!Note]
->During startup, system-managed page files are sized respective to the system crash dump settings. This assumes that enough free disk space exists.
-
-|System crash dump setting |Minimum page file size requirement|
-|-----------|-------------------|
-|Small memory dump (256 KB) |1 MB|
-|Kernel memory dump |Depends on kernel virtual memory usage|
-|Complete memory dump |1 x RAM plus 257 MB*|
-|Automatic memory dump |Depends on kernel virtual memory usage. For details, see Automatic memory dump.|
-
-\* 1 MB of header data and device drivers can total 256 MB of secondary crash dump data.
-
-The **Automatic memory dump** setting is enabled by default. This setting is an alternative to a kind of crash dump. This setting automatically selects the best page file size, depending on the frequency of system crashes.
-
-The Automatic memory dump feature initially selects a small paging file size. It would accommodate the kernel memory most of the time. If the system crashes again within four weeks, the Automatic memory dump feature sets the page file size as either the RAM size or 32 GB, whichever is smaller.
-
-Kernel memory crash dumps require enough page file space or dedicated dump file space to accommodate the kernel mode side of virtual memory usage. If the system crashes again within four weeks of the previous crash, a Complete memory dump is selected at restart. This dump requires a page file or dedicated dump file of at least the size of physical memory (RAM) plus 1 MB for header information plus 256 MB for potential driver data to support all the potential data that is dumped from memory. Again, the system-managed page file will be increased to back this kind of crash dump. If the system is configured to have a page file or a dedicated dump file of a specific size, make sure that the size is sufficient to back the crash dump setting that is listed in the table earlier in this section together with and the peak system commit charge.
-
-### Dedicated dump files
-
-Computers that are running Microsoft Windows or Microsoft Windows Server usually must have a page file to support a system crash dump. System administrators can now create a dedicated dump file instead.
-
-A dedicated dump file is a page file that isn't used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you don't want a page file. To learn how to create it, see [Overview of memory dump file options for Windows](/troubleshoot/windows-server/performance/memory-dump-file-options).
-
-## System-managed page files
-
-By default, page files are system-managed. This system management means that the page files increase and decrease based on many factors, such as the amount of physical memory installed, the process of accommodating the system commit charge, and the process of accommodating a system crash dump.
-
-For example, when the system commit charge is more than 90 percent of the system commit limit, the page file is increased to back it. This surge continues to occur until the page file reaches three times the size of physical memory or 4 GB, whichever is larger. Therefore, it's assumes that the logical disk that is hosting the page file is large enough to accommodate the growth.
-
-The following table lists the minimum and maximum page file sizes of system-managed page files in Windows 10 and Windows 11.
-
-|Minimum page file size |Maximum page file size|
-|---------------|------------------|
-|Varies based on page file usage history, amount of RAM (RAM ÷ 8, max 32 GB) and crash dump settings. |3 × RAM or 4 GB, whichever is larger. This size is then limited to the volume size ÷ 8. However, it can grow to within 1 GB of free space on the volume if necessary for crash dump settings.|
-
-## Performance counters
-
-Several performance counters are related to page files. This section describes the counters and what they measure.
-
-### \Memory\Page/sec and other hard page fault counters
-
-The following performance counters measure hard page faults (which include, but aren't limited to, page file reads):
-
-- \Memory\Page/sec
-
-- \Memory\Page Reads/sec
-
-- \Memory\Page Inputs/sec
-
-The following performance counters measure page file writes:
-
-- \Memory\Page Writes/sec
-
-- \Memory\Page Output/sec
-
-Hard page faults are faults that must be resolved by retrieving the data from disk. Such data can include portions of DLLs, .exe files, memory-mapped files, and page files. These faults might or might not be related to a page file or to a low-memory condition. Hard page faults are a standard function of the operating system. They occur when the following items are read:
-
-- Parts of image files (.dll and .exe files) as they're used
-
-- Memory-mapped files
-
-- A page file
-
-High values for these counters (excessive paging) indicate disk access of generally 4 KB per page fault on x86 and x64 versions of Windows and Windows Server. This disk access might or might not be related to page file activity but may contribute to poor disk performance that can cause system-wide delays if the related disks are overwhelmed.
-
-Therefore, we recommend that you monitor the disk performance of the logical disks that host a page file in correlation with these counters. A system that has a sustained 100 hard page faults per second experiences 400 KB per second disk transfers. Most 7,200-RPM disk drives can handle about 5 MB per second at an IO size of 16 KB or 800 KB per second at an IO size of 4 KB. No performance counter directly measures which logical disk the hard page faults are resolved for.
-
-### \Paging File(*)\% Usage
-
-The \Paging File(*)\% Usage performance counter measures the percentage of usage of each page file. 100 percent usage of a page file doesn't indicate a performance problem as long as the system commit limit isn't reached by the system commit charge, and if a significant amount of memory isn't waiting to be written to a page file.
-
->[!Note]
->The size of the Modified Page List (\Memory\Modified Page List Bytes) is the total of modified data that is waiting to be written to disk.
-
-If the Modified Page List (a list of physical memory pages that are the least frequently accessed) contains lots of memory, and if the **% Usage** value of all page files is greater than 90, you can make more physical memory available for more frequently access pages by increasing or adding a page file.
-
->[!Note]
->Not all the memory on the modified page list is written out to disk. Typically, several hundred megabytes of memory remains resident on the modified list.
-
-## Multiple page files and disk considerations
-
-If a system is configured to have more than one page files, the page file that responds first is the one that is used. This customized configuration means that page files that are on faster disks are used more frequently. Also, whether you put a page file on a “fast” or “slow” disk is important only if the page file is frequently accessed and if the disk that is hosting the respective page file is overwhelmed. Actual page file usage depends greatly on the amount of modified memory that the system is managing. This dependency means that files that already exist on disk (such as .txt, .doc, .dll, and .exe) aren't written to a page file. Only modified data that doesn't already exist on disk (for example, unsaved text in Notepad) is memory that could potentially be backed by a page file. After the unsaved data is saved to disk as a file, it's backed by the disk and not by a page file.
diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/device-update-management.md
similarity index 98%
rename from windows/client-management/mdm/device-update-management.md
rename to windows/client-management/device-update-management.md
index bd5f317fc2..4964a3969d 100644
--- a/windows/client-management/mdm/device-update-management.md
+++ b/windows/client-management/device-update-management.md
@@ -5,14 +5,14 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/15/2017
ms.collection: highpri
---
-# Mobile device management (MDM) for device updates
+# Mobile device management (MDM) for device updates
>[!TIP]
>If you're not a developer or administrator, you'll find more helpful information in the [Windows Update: Frequently Asked Questions](https://support.microsoft.com/help/12373/windows-update-faq).
@@ -36,7 +36,7 @@ In Windows 10, the MDM protocol has been extended to better enable IT admins to
The OMA DM APIs for specifying update approvals and getting compliance status refer to updates by using an Update ID. The Update ID is a GUID that identifies a particular update. The MDM will want to show IT-friendly information about the update, instead of a raw GUID, including the update’s title, description, KB, update type, like a security update or service pack. For more information, see [\[MS-WSUSSS\]: Windows Update Services: Server-Server Protocol](/openspecs/windows_protocols/ms-wsusss/f49f0c3e-a426-4b4b-b401-9aeb2892815c).
-For more information about the CSPs, see [Update CSP](update-csp.md) and the update policy area of the [Policy CSP](policy-configuration-service-provider.md).
+For more information about the CSPs, see [Update CSP](mdm/update-csp.md) and the update policy area of the [Policy CSP](mdm/policy-configuration-service-provider.md).
The following diagram provides a conceptual overview of how this works:
@@ -130,11 +130,11 @@ The following list describes a suggested model for applying updates.
2. In the Test group, just let all updates flow.
3. In the All Group, set up Quality Update deferral for seven days. Then, Quality Updates will be auto approved after the seven days. Definition Updates are excluded from Quality Update deferrals, and will be auto approved when they're available. This schedule can be done by setting Update/DeferQualityUpdatesPeriodInDays to seven, and just letting updates flow after seven days or pushing Pause if any issues.
-Updates are configured using a combination of the [Update CSP](update-csp.md), and the update portion of the [Policy CSP](policy-configuration-service-provider.md).
+Updates are configured using a combination of the [Update CSP](mdm/update-csp.md), and the update portion of the [Policy CSP](mdm/policy-configuration-service-provider.md).
### Update policies
-The enterprise IT can configure auto-update policies via OMA DM using the [Policy CSP](policy-configuration-service-provider.md) (this functionality isn't supported in Windows 10 Home). Here's the CSP diagram for the Update node in Policy CSP.
+The enterprise IT can configure auto-update policies via OMA DM using the [Policy CSP](mdm/policy-configuration-service-provider.md) (this functionality isn't supported in Windows 10 Home). Here's the CSP diagram for the Update node in Policy CSP.
The following information shows the Update policies in a tree format.
@@ -179,7 +179,7 @@ Policy
**Update/ActiveHoursEnd**
> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
Added in Windows 10, version 1607. When used with **Update/ActiveHoursStart**, it allows the IT admin to manage a range of active hours where update reboots aren't scheduled. This value sets the end time. There's a 12-hour maximum from start time.
@@ -193,7 +193,7 @@ The default is 17 (5 PM).
**Update/ActiveHoursMaxRange**
> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
@@ -235,7 +235,7 @@ The following list shows the supported values:
> [!IMPORTANT]
> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
-
+
If the policy isn't configured, end users get the default behavior (Auto install and restart).
@@ -312,7 +312,7 @@ The following list shows the supported values:
**Update/BranchReadinessLevel**
> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
@@ -680,7 +680,7 @@ Value type is string and the default value is an empty string. If the setting is
### Update management
-The enterprise IT can configure the set of approved updates and get compliance status via OMA DM using the [Update CSP](update-csp.md). The following information shows the Update CSP in tree format.
+The enterprise IT can configure the set of approved updates and get compliance status via OMA DM using the [Update CSP](mdm/update-csp.md). The following information shows the Update CSP in tree format.
```console
./Vendor/MSFT
@@ -731,7 +731,7 @@ The update approval list enables IT to approve individual updates and update cla
> [!NOTE]
> For the Windows 10 build, the client may need to reboot after additional updates are added.
-
+
Supported operations are Get and Add.
@@ -835,7 +835,7 @@ Supported operation is Get.
## Windows 10, version 1607 for update management
-Here are the new policies added in Windows 10, version 1607 in [Policy CSP](policy-configuration-service-provider.md). Use these policies for the Windows 10, version 1607 devices.
+Here are the new policies added in Windows 10, version 1607 in [Policy CSP](mdm/policy-configuration-service-provider.md). Use these policies for the Windows 10, version 1607 devices.
- Update/ActiveHoursEnd
- Update/ActiveHoursStart
diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/diagnose-mdm-failures-in-windows-10.md
similarity index 66%
rename from windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
rename to windows/client-management/diagnose-mdm-failures-in-windows-10.md
index 1191fc721d..67b61ceb3c 100644
--- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
+++ b/windows/client-management/diagnose-mdm-failures-in-windows-10.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/25/2018
ms.collection: highpri
@@ -14,15 +14,15 @@ ms.collection: highpri
# Diagnose MDM failures in Windows 10
-To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop. The following sections describe the procedures for collecting MDM logs.
+To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop. The following sections describe the procedures for collecting MDM logs.
## Download the MDM Diagnostic Information log from Windows 10 PCs
1. On your managed device, go to **Settings** > **Accounts** > **Access work or school**.
-1. Click your work or school account, then click **Info.**
+1. Click your work or school account, then click **Info.**
-1. At the bottom of the **Settings** page, click **Create report**.
+1. At the bottom of the **Settings** page, click **Create report**.
1. A window opens that shows the path to the log files. Click **Export**.
@@ -30,32 +30,34 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
1. In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
-## Use command to collect logs directly from Windows 10 PCs
+## Use command to collect logs directly from Windows 10 PCs
You can also collect the MDM Diagnostic Information logs using the following command:
```xml
-mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -zip c:\users\public\documents\MDMDiagReport.zip
+mdmdiagnosticstool.exe -area "DeviceEnrollment;DeviceProvisioning;Autopilot" -zip "c:\users\public\documents\MDMDiagReport.zip"
```
-- In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
+
+- In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
### Understanding zip structure
+
The zip file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub
-- DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
-- DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
-- MDMDiagHtmlReport.html: Summary snapshot of MDM space configurations and policies. Includes, management url, MDM server device ID, certificates, policies.
-- MdmDiagLogMetadata, json: mdmdiagnosticstool metadata file, contains command-line arguments used to run the tool
-- MDMDiagReport.xml: contains a more detail view into the MDM space configurations, e.g enrollment variables
-- MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
-- MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
-- *.evtx: Common event viewer logs microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx main one that contains MDM events.
+- DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
+- DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
+- MDMDiagHtmlReport.html: Summary snapshot of MDM space configurations and policies. Includes, management url, MDM server device ID, certificates, policies.
+- MdmDiagLogMetadata, json: mdmdiagnosticstool metadata file, contains command-line arguments used to run the tool
+- MDMDiagReport.xml: contains a more detail view into the MDM space configurations, e.g enrollment variables
+- MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
+- MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
+- *.evtx: Common event viewer logs microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx main one that contains MDM events.
-## Collect logs directly from Windows 10 PCs
+## Collect logs directly from Windows 10 PCs
-Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location:
+Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location:
-- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider
+- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider
Here's a screenshot:
@@ -63,34 +65,34 @@ Here's a screenshot:
In this location, the **Admin** channel logs events by default. However, if you need more details logs you can enable **Debug** logs by choosing **Show Analytic and Debug** logs option in **View** menu in Event Viewer.
-**To collect Admin logs**
+### Collect admin logs
-1. Right click on the **Admin** node.
-2. Select **Save all events as**.
-3. Choose a location and enter a filename.
-4. Click **Save**.
-5. Choose **Display information for these languages** and then select **English**.
-6. Click **Ok**.
+1. Right click on the **Admin** node.
+2. Select **Save all events as**.
+3. Choose a location and enter a filename.
+4. Click **Save**.
+5. Choose **Display information for these languages** and then select **English**.
+6. Click **Ok**.
For more detailed logging, you can enable **Debug** logs. Right click on the **Debug** node and then click **Enable Log**.
-**To collect Debug logs**
+### Collect debug logs
-1. Right click on the **Debug** node.
-2. Select **Save all events as**.
-3. Choose a location and enter a filename.
-4. Click **Save**.
-5. Choose **Display information for these languages** and then select **English**.
-6. Click **Ok**.
+1. Right click on the **Debug** node.
+2. Select **Save all events as**.
+3. Choose a location and enter a filename.
+4. Click **Save**.
+5. Choose **Display information for these languages** and then select **English**.
+6. Click **Ok**.
-You can open the log files (.evtx files) in the Event Viewer on a Windows 10 PC running the November 2015 update.
+You can open the log files (.evtx files) in the Event Viewer on a Windows 10 PC running the November 2015 update.
-## Collect logs remotely from Windows 10 PCs
+## Collect logs remotely from Windows 10 PCs
-When the PC is already enrolled in MDM, you can remotely collect logs from the PC through the MDM channel if your MDM server supports this facility. The [DiagnosticLog CSP](diagnosticlog-csp.md) can be used to enable an event viewer channel by full name. Here are the Event Viewer names for the Admin and Debug channels:
+When the PC is already enrolled in MDM, you can remotely collect logs from the PC through the MDM channel if your MDM server supports this facility. The [DiagnosticLog CSP](mdm/diagnosticlog-csp.md) can be used to enable an event viewer channel by full name. Here are the Event Viewer names for the Admin and Debug channels:
-- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FAdmin
-- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FDebug
+- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FAdmin
+- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FDebug
Example: Enable the Debug channel logging
@@ -135,7 +137,7 @@ Example: Export the Debug logs
## Collect logs remotely from Windows 10 Holographic
-For holographic already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md).
+For holographic already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](mdm/diagnosticlog-csp.md).
You can use the DiagnosticLog CSP to enable the ETW provider. The provider ID is 3DA494E4-0FE2-415C-B895-FB5265C5C83B. The following examples show how to enable the ETW provider:
@@ -229,39 +231,39 @@ Stop collector trace logging
```
-After the logs are collected on the device, you can retrieve the files through the MDM channel using the FileDownload portion of the DiagnosticLog CSP. For details, see [DiagnosticLog CSP](diagnosticlog-csp.md).
+After the logs are collected on the device, you can retrieve the files through the MDM channel using the FileDownload portion of the DiagnosticLog CSP. For details, see [DiagnosticLog CSP](mdm/diagnosticlog-csp.md).
## View logs
For best results, ensure that the PC or VM on which you're viewing logs matches the build of the OS from which the logs were collected.
-1. Open eventvwr.msc.
-2. Right-click on **Event Viewer(Local)** and select **Open Saved Log**.
+1. Open eventvwr.msc.
+2. Right-click on **Event Viewer(Local)** and select **Open Saved Log**.
-3. Navigate to the etl file that you got from the device and then open the file.
-4. Click **Yes** when prompted to save it to the new log format.
+3. Navigate to the etl file that you got from the device and then open the file.
+4. Click **Yes** when prompted to save it to the new log format.
-5. The new view contains traces from the channel. Click on **Filter Current Log** from the **Actions** menu.
+5. The new view contains traces from the channel. Click on **Filter Current Log** from the **Actions** menu.
-6. Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and click **OK**.
+6. Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and click **OK**.
-7. Now you're ready to start reviewing the logs.
+7. Now you're ready to start reviewing the logs.
## Collect device state data
-Here's an example of how to collect current MDM device state data using the [DiagnosticLog CSP](diagnosticlog-csp.md), version 1.3, which was added in Windows 10, version 1607. You can collect the file from the device using the same FileDownload node in the CSP as you do for the etl files.
+Here's an example of how to collect current MDM device state data using the [DiagnosticLog CSP](mdm/diagnosticlog-csp.md), version 1.3, which was added in Windows 10, version 1607. You can collect the file from the device using the same FileDownload node in the CSP as you do for the etl files.
```xml
@@ -283,5 +285,3 @@ Here's an example of how to collect current MDM device state data using the [Dia
```
-
-
diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/disconnecting-from-mdm-unenrollment.md
similarity index 99%
rename from windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
rename to windows/client-management/disconnecting-from-mdm-unenrollment.md
index 31fbaa5aa9..371357b658 100644
--- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
+++ b/windows/client-management/disconnecting-from-mdm-unenrollment.md
@@ -8,8 +8,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json
index 6c35dc70a8..21740e86df 100644
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@@ -21,6 +21,7 @@
"files": [
"**/*.png",
"**/*.jpg",
+ "**/*.svg",
"**/*.gif"
],
"exclude": [
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/enable-admx-backed-policies-in-mdm.md
similarity index 89%
rename from windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
rename to windows/client-management/enable-admx-backed-policies-in-mdm.md
index a8fdcc53b2..a5dc882b93 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/enable-admx-backed-policies-in-mdm.md
@@ -3,8 +3,8 @@ title: Enable ADMX policies in MDM
description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM).
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/01/2017
@@ -17,10 +17,10 @@ manager: aaroncz
Here's how to configure Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM).
-Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of [selected set of Group Policy administrative templates (ADMX policies)](./policies-in-policy-csp-admx-backed.md) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX policies in Policy CSP is different from the typical way you configure a traditional MDM policy.
+Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of [selected set of Group Policy administrative templates (ADMX policies)](mdm/policies-in-policy-csp-admx-backed.md) for Windows PCs via the [Policy configuration service provider (CSP)](mdm/policy-configuration-service-provider.md). Configuring ADMX policies in Policy CSP is different from the typical way you configure a traditional MDM policy.
Summary of steps to enable a policy:
-- Find the policy from the list ADMX policies.
+- Find the policy from the list ADMX policies.
- Find the Group Policy related information from the MDM policy description.
- Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy.
- Create the data payload for the SyncML.
@@ -33,9 +33,9 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
## Enable a policy
> [!NOTE]
-> See [Understanding ADMX policies in Policy CSP](./understanding-admx-backed-policies.md).
+> See [Understanding ADMX policies in Policy CSP](understanding-admx-backed-policies.md).
-1. Find the policy from the list [ADMX policies](./policies-in-policy-csp-admx-backed.md). You need the following information listed in the policy description.
+1. Find the policy from the list [ADMX policies](mdm/policies-in-policy-csp-admx-backed.md). You need the following information listed in the policy description.
- GP Friendly name
- GP name
- GP ADMX file name
@@ -43,25 +43,25 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
2. Use the Group Policy Editor to determine whether you need additional information to enable the policy. Run GPEdit.msc
- 1. Click **Start**, then in the text box type **gpedit**.
+ 1. Click **Start**, then in the text box type **gpedit**.
+
+ 2. Under **Best match**, click **Edit group policy** to launch it.
- 2. Under **Best match**, click **Edit group policy** to launch it.
-
- 3. In **Local Computer Policy** navigate to the policy you want to configure.
-
+ 3. In **Local Computer Policy** navigate to the policy you want to configure.
+
In this example, navigate to **Administrative Templates > System > App-V**.
- 4. Double-click **Enable App-V Client**.
+ 4. Double-click **Enable App-V Client**.
The **Options** section is empty, which means there are no parameters necessary to enable the policy. If the **Options** section isn't empty, follow the procedure in [Enable a policy that requires parameters](#enable-a-policy-that-requires-parameters)
-3. Create the SyncML to enable the policy that doesn't require any parameter.
+3. Create the SyncML to enable the policy that doesn't require any parameter.
In this example, you configure **Enable App-V Client** to **Enabled**.
@@ -90,7 +90,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
```
-## Enable a policy that requires parameters
+## Enable a policy that requires parameters
1. Create the SyncML to enable the policy that requires parameters.
@@ -105,7 +105,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
2. Find the variable names of the parameters in the ADMX file.
- You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](policy-configuration-service-provider.md#appvirtualization-publishingallowserver2).
+ You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](mdm/policy-configuration-service-provider.md#appvirtualization-publishingallowserver2).
@@ -115,13 +115,13 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
5. Under **policy name="Publishing_Server2_Policy"** you can see the \ listed. The *text id* and *enum id* represent the *data id* you need to include in the SyncML data payload. They correspond to the fields you see in the Group Policy Editor.
-
+
Here's the snippet from appv.admx:
```xml
-
@@ -139,7 +139,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
-
+
@@ -151,7 +151,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
-
+
@@ -164,7 +164,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
-
+
@@ -188,7 +188,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
-
+
@@ -201,7 +201,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
-
+
```
@@ -209,7 +209,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
6. From the **\** tag, copy all of the *text id* and *enum id* and create an XML with *data id* and *value* fields. The *value* field contains the configuration settings that you would enter in the Group Policy Editor.
Here's the example XML for Publishing_Server2_Policy:
-
+
```xml
@@ -221,12 +221,12 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
- ```
+ ```
- 7. Create the SyncML to enable the policy. Payload contains \ and name/value pairs.
+ 7. Create the SyncML to enable the policy. Payload contains \ and name/value pairs.
Here's the example for **AppVirtualization/PublishingAllowServer2**:
-
+
> [!NOTE]
> The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
@@ -245,15 +245,15 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2
- ]]>
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
similarity index 98%
rename from windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
rename to windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
index b7a2a1544c..a27bb4a05a 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -3,8 +3,8 @@ title: Enroll a Windows 10 device automatically using Group Policy
description: Learn how to use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 04/30/2022
ms.reviewer:
@@ -194,7 +194,7 @@ Requirements:
- 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124)
- - 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)](https://www.microsoft.com/download/103667)
+ - 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)-v2.0](https://www.microsoft.com/download/details.aspx?id=104042)
2. Install the package on the Domain Controller.
@@ -215,11 +215,11 @@ Requirements:
- 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)**
- - 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update (21H2)**
+ - 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update V2 (21H2)**
4. Rename the extracted Policy Definitions folder to `PolicyDefinitions`.
-5. Copy the PolicyDefinitions folder to `\\SYSVOL\contoso.com\policies\PolicyDefinitions`.
+5. Copy the PolicyDefinitions folder to `\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions`.
If this folder doesn't exist, then you'll be switching to a [central policy store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for your entire domain.
@@ -305,7 +305,7 @@ To collect Event Viewer logs:
### Useful Links
-- [Windows 10 Administrative Templates for Windows 10 November 2021 Update 21H2](https://www.microsoft.com/download/103667)
+- [Windows 10 Administrative Templates for Windows 10 November 2021 Update (21H2)-v2.0](https://www.microsoft.com/download/details.aspx?id=104042)
- [Windows 10 Administrative Templates for Windows 10 May 2021 Update 21H1](https://www.microsoft.com/download/details.aspx?id=103124)
- [Windows 10 Administrative Templates for Windows 10 November 2019 Update 1909](https://www.microsoft.com/download/details.aspx?id=100591)
- [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495)
diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/enterprise-app-management.md
similarity index 95%
rename from windows/client-management/mdm/enterprise-app-management.md
rename to windows/client-management/enterprise-app-management.md
index d2dc640f22..6646d4df78 100644
--- a/windows/client-management/mdm/enterprise-app-management.md
+++ b/windows/client-management/enterprise-app-management.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 10/04/2021
---
@@ -30,7 +30,7 @@ Windows 10 offers the ability for management servers to:
## Inventory your apps
-Windows 10 lets you inventory all apps deployed to a user, and inventory all apps for all users of a device on Windows 10 for desktop editions. The [EnterpriseModernAppManagement](enterprisemodernappmanagement-csp.md) configuration service provider (CSP) inventories packaged apps and doesn't include traditional Win32 apps installed via MSI or executables. When the apps are inventoried, they're separated based on the following app classifications:
+Windows 10 lets you inventory all apps deployed to a user, and inventory all apps for all users of a device on Windows 10 for desktop editions. The [EnterpriseModernAppManagement](mdm/enterprisemodernappmanagement-csp.md) configuration service provider (CSP) inventories packaged apps and doesn't include traditional Win32 apps installed via MSI or executables. When the apps are inventoried, they're separated based on the following app classifications:
- Store - Apps that are from the Microsoft Store. Apps can be directly installed from the Store or delivered with the enterprise from the Store for Business
- nonStore - Apps that weren't acquired from the Microsoft Store.
@@ -41,7 +41,7 @@ These classifications are represented as nodes in the EnterpriseModernAppManagem
The following information shows the EnterpriseModernAppManagement CSP in a tree format:
```console
-./Device/Vendor/MSFT
+./Device/Vendor/MSFT
or
./User/Vendor/MSFT
EnterpriseAppManagement
@@ -164,7 +164,7 @@ Here are the nodes for each package full name:
- Users
- IsProvisioned
-For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md).
+For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md).
### App inventory
@@ -210,7 +210,7 @@ Here are the nodes for each license ID:
- LicenseUsage
- RequestedID
-For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md).
+For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md).
> [!NOTE]
> The LicenseID in the CSP is the content ID for the license.
@@ -253,7 +253,7 @@ To deploy apps that aren't from the Microsoft Store, you must configure the Appl
The AllowAllTrustedApps policy enables the installation apps that are trusted by a certificate in the Trusted People on the device, or a root certificate in the Trusted Root of the device. The policy isn't configured by default, which means only apps from the Microsoft Store can be installed. If the management server implicitly sets the value to off, the setting is disabled in the settings panel on the device.
-For more information about the AllowAllTrustedApps policy, see [Policy CSP](policy-configuration-service-provider.md).
+For more information about the AllowAllTrustedApps policy, see [Policy CSP](mdm/policy-configuration-service-provider.md).
Here are some examples.
@@ -271,14 +271,14 @@ Here are some examples.
2
-
+ ./Vendor/MSFT/Policy/Config/ApplicationManagement/AllowAllTrustedApps
-
- int
- text/plain
-
- 1
+
+ int
+ text/plain
+
+ 1
```
@@ -291,7 +291,7 @@ AllowDeveloperUnlock policy enables the development mode on the device. The Allo
Deployment of apps to Windows 10 for desktop editions requires that there's a chain to a certificate on the device. The app can be signed with a root certificate on the device (such as Symantec Enterprise), an enterprise owned root certificate, or a peer trust certificate deployed on the device.
-For more information about the AllowDeveloperUnlock policy, see [Policy CSP](policy-configuration-service-provider.md).
+For more information about the AllowDeveloperUnlock policy, see [Policy CSP](mdm/policy-configuration-service-provider.md).
Here's an example.
@@ -309,21 +309,21 @@ Here's an example.
2
-
+ ./Vendor/MSFT/Policy/Config/ApplicationManagement/AllowDeveloperUnlock
-
- int
- text/plain
-
- 1
+
+ int
+ text/plain
+
+ 1
```
## Install your apps
-You can install apps to a specific user or to all users of a device. Apps are installed directly from the Microsoft Store. Or, they're installed from a host location, such as a local disk, UNC path, or HTTPS location. Use the AppInstallation node of the [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) to install apps.
+You can install apps to a specific user or to all users of a device. Apps are installed directly from the Microsoft Store. Or, they're installed from a host location, such as a local disk, UNC path, or HTTPS location. Use the AppInstallation node of the [EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md) to install apps.
### Deploy apps to user from the Store
@@ -381,7 +381,7 @@ Here's an example of an offline license installation.
1
-
+ ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppLicenses/StoreLicenses/{LicenseID}/AddLicense
@@ -420,7 +420,7 @@ Here's an example of a line-of-business app installation.
./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName}
-
+
1
@@ -447,7 +447,7 @@ Here's an example of an app installation with dependencies.
./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName
-
+
1
@@ -481,7 +481,7 @@ Here's an example of an app installation with dependencies and optional packages
./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName
-
+
1
@@ -499,9 +499,9 @@ Here's an example of an app installation with dependencies and optional packages
-
-
@@ -542,7 +542,7 @@ Here's an example of app installation.
./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName
-
+
1
@@ -579,7 +579,7 @@ Here's an example of app installation with dependencies.
./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName
-
+
1
@@ -626,7 +626,7 @@ Here's an example of a query for a specific app installation.
2
-
+ ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName}?list=StructData
@@ -640,7 +640,7 @@ Here's an example of a query for all app installations.
2
-
+ ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation?list=StructData
@@ -659,7 +659,7 @@ Here's an example of an alert.
1226
- ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName}/HostedInstall
+ ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName}/HostedInstallReversed-Domain-Name:com.microsoft.mdm.EnterpriseHostedAppInstall.result
@@ -723,7 +723,7 @@ You can remove provisioned apps from a device for a specific version, or for all
> [!NOTE]
> You can only remove an app that has an inventory value IsProvisioned = 1.
-
+
Removing provisioned app occurs in the device context.
Here's an example for removing a provisioned app from a device.
@@ -889,7 +889,7 @@ The Universal Windows app can share application data between the users of the de
> [!NOTE]
> This is only applicable to multi-user devices.
-The AllowSharedUserAppData policy in [Policy CSP](policy-configuration-service-provider.md) enables or disables app packages to share data between app packages when there are multiple users. If you enable this policy, applications can share data between packages in their package family. Data can be shared through ShareLocal folder for that package family and local machine. This folder is available through the Windows.Storage API.
+The AllowSharedUserAppData policy in [Policy CSP](mdm/policy-configuration-service-provider.md) enables or disables app packages to share data between app packages when there are multiple users. If you enable this policy, applications can share data between packages in their package family. Data can be shared through ShareLocal folder for that package family and local machine. This folder is available through the Windows.Storage API.
If you disable this policy, applications can't share user application data among multiple users. However, pre-written shared data will persist. The clean pre-written shared data, use DISM ((/Get-ProvisionedAppxPackage to detect if there's any shared data, and /Remove-SharedAppxData to remove it).
@@ -911,14 +911,14 @@ Here's an example.
2
-
+ ./Vendor/MSFT/Policy/Config/ApplicationManagement/AllowSharedUserAppData
-
- int
- text/plain
-
- 1
+
+ int
+ text/plain
+
+ 1
```
diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/esim-enterprise-management.md
similarity index 99%
rename from windows/client-management/mdm/esim-enterprise-management.md
rename to windows/client-management/esim-enterprise-management.md
index cdc60b2936..34872b5ca8 100644
--- a/windows/client-management/mdm/esim-enterprise-management.md
+++ b/windows/client-management/esim-enterprise-management.md
@@ -1,7 +1,7 @@
---
title: eSIM Enterprise Management
description: Learn how Mobile Device Management (MDM) Providers support the eSIM Profile Management Solution on Windows.
-ms.prod: w10
+ms.prod: windows-client
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.author: vinpa
diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/federated-authentication-device-enrollment.md
similarity index 99%
rename from windows/client-management/mdm/federated-authentication-device-enrollment.md
rename to windows/client-management/federated-authentication-device-enrollment.md
index d0e4cb46c1..a50c18383c 100644
--- a/windows/client-management/mdm/federated-authentication-device-enrollment.md
+++ b/windows/client-management/federated-authentication-device-enrollment.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 07/28/2017
---
diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md
deleted file mode 100644
index e631ae9d84..0000000000
--- a/windows/client-management/generate-kernel-or-complete-crash-dump.md
+++ /dev/null
@@ -1,116 +0,0 @@
----
-title: Generate a kernel or complete crash dump
-description: Learn how to generate a kernel or complete crash dump, and then use the output to troubleshoot several issues.
-ms.prod: w10
-ms.topic: troubleshooting
-author: Deland-Han
-ms.localizationpriority: medium
-ms.author: delhan
-ms.date: 8/28/2019
-ms.reviewer:
-manager: willchen
-ms.collection: highpri
----
-
-# Generate a kernel or complete crash dump
-
-A system crash (also known as a “bug check” or a "Stop error") occurs when Windows can't run correctly. The dump file that is produced from this event is called a system crash dump.
-
-A manual kernel or complete memory dump file is useful when you troubleshoot several issues because the process captures a record of system memory at the time of a crash.
-
-## Set up page files
-
-See [Support for system crash dumps](determine-appropriate-page-file-size.md#support-for-system-crash-dumps) for the page file size requirement for system crash dump.
-
-## Enable memory dump setting
-
-You must be logged on as an administrator or a member of the Administrators group to complete this procedure. If your computer is connected to a network, network policy settings may prevent you from completing this procedure.
-
-To enable memory dump setting, follow these steps:
-
-1. In **Control Panel**, select **System and Security** > **System**.
-
-2. Select **Advanced system settings**, and then select the **Advanced** tab.
-
-3. In the **Startup and Recovery** area, select **Settings**.
-
-4. Make sure that **Kernel memory dump** or **Complete memory dump** is selected under **Writing Debugging Information**.
-
-5. Restart the computer.
-
->[!Note]
->You can change the dump file path by edit the **Dump file** field. In other words, you can change the path from %SystemRoot%\Memory.dmp to point to a local drive that has enough disk space, such as E:\Memory.dmp.
-
-### Tips to generate memory dumps
-
-When the computer crashes and restarts, the contents of physical RAM are written to the paging file that is located on the partition on which the operating system is installed.
-
-Depending on the speed of the hard disk on which Windows is installed, dumping more than 2 gigabytes (GB) of memory may take a long time. Even in a best-case scenario, if the dump file is configured to reside on another local hard drive, a significant amount of data will be read and written to the hard disks. This read-and-write process can cause a prolonged server outage.
-
->[!Note]
->Use this method to generate complete memory dump files with caution. Ideally, you should do this only when you are explicitly requested to by the Microsoft Support engineer. Any kernel or complete memory dump file debugging should be the last resort after all standard troubleshooting methods have been completely exhausted.
-
-## Manually generate a memory dump file
-
-### Use the NotMyFault tool
-
-If you can sign in while the problem is occurring, you can use the Microsoft Sysinternals NotMyFault tool by following these steps:
-
-1. Download the [NotMyFault](https://download.sysinternals.com/files/NotMyFault.zip) tool.
-
-2. Select **Start**, and then select **Command Prompt**.
-3. At the command line, run the following command:
-
- ```console
- notMyfault.exe /crash
- ```
-
->[!Note]
->This operation generates a memory dump file and a D1 Stop error.
-
-### Use NMI
-
-On some computers, you can't use keyboard to generate a crash dump file. For example, Hewlett-Packard (HP) BladeSystem servers from the Hewlett-Packard Development Company are managed through a browser-based graphical user interface (GUI). A keyboard isn't attached to the HP BladeSystem server.
-
-In these cases, you must generate a complete crash dump file or a kernel crash dump file by using the Non-Maskable Interrupt (NMI) switch that causes an NMI on the system processor.
-
-To implement this process, follow these steps:
-
-> [!IMPORTANT]
-> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
-
-> [!NOTE]
-> This registry key isn't required for clients running Windows 8 and later, or servers running Windows Server 2012 and later. Setting this registry key on later versions of Windows has no effect.
-
-1. In Registry Editor, locate the following registry subkey:
-
- **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl**
-
-2. Right-click **CrashControl**, point to **New**, and then click **DWORD Value**.
-
-3. Type NMICrashDump, and then press Enter.
-
-4. Right-click **NMICrashDump**, and then select **Modify**.
-
-5. In the **Value data** box, type **1**, and then select **OK**.
-
-6. Restart the computer.
-
-7. Hardware vendors, such as HP, IBM, and Dell, may provide an Automatic System Recovery (ASR) feature. You should disable this feature during troubleshooting. For example, if the HP and Compaq ASR feature is enabled in the BIOS, disable this feature while you troubleshoot to generate a complete Memory.dmp file. For the exact steps, contact your hardware vendor.
-
-8. Enable the NMI switch in the BIOS or by using the Integrated Lights Out (iLO) Web interface.
-
- >[!Note]
- >For the exact steps, see the BIOS reference manual or contact your hardware vendor.
-
-9. Test this method on the server by using the NMI switch to generate a dump file. You'll see a STOP 0x00000080 hardware malfunction.
-
-If you want to run NMI in Microsoft Azure using Serial Console, see [Use Serial Console for SysRq and NMI calls](/azure/virtual-machines/linux/serial-console-nmi-sysrq).
-
-### Use the keyboard
-
-[Forcing a System Crash from the Keyboard](/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard)
-
-### Use Debugger
-
-[Forcing a System Crash from the Debugger](/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger)
diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/get-inventory.md
similarity index 98%
rename from windows/client-management/mdm/get-inventory.md
rename to windows/client-management/get-inventory.md
index 2aa1418ebf..96913de900 100644
--- a/windows/client-management/mdm/get-inventory.md
+++ b/windows/client-management/get-inventory.md
@@ -8,8 +8,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/get-localized-product-details.md
similarity index 96%
rename from windows/client-management/mdm/get-localized-product-details.md
rename to windows/client-management/get-localized-product-details.md
index 373bebf5d7..48fe49a501 100644
--- a/windows/client-management/mdm/get-localized-product-details.md
+++ b/windows/client-management/get-localized-product-details.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/07/2020
---
diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/get-offline-license.md
similarity index 96%
rename from windows/client-management/mdm/get-offline-license.md
rename to windows/client-management/get-offline-license.md
index 8960d7a7eb..160424bf6b 100644
--- a/windows/client-management/mdm/get-offline-license.md
+++ b/windows/client-management/get-offline-license.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/get-product-details.md
similarity index 95%
rename from windows/client-management/mdm/get-product-details.md
rename to windows/client-management/get-product-details.md
index 14b0e24af9..54d824ba07 100644
--- a/windows/client-management/mdm/get-product-details.md
+++ b/windows/client-management/get-product-details.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/get-product-package.md
similarity index 96%
rename from windows/client-management/mdm/get-product-package.md
rename to windows/client-management/get-product-package.md
index 2fa11f65b3..9dc16fb5c3 100644
--- a/windows/client-management/mdm/get-product-package.md
+++ b/windows/client-management/get-product-package.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/get-product-packages.md
similarity index 96%
rename from windows/client-management/mdm/get-product-packages.md
rename to windows/client-management/get-product-packages.md
index 4312842783..cf9e34fcda 100644
--- a/windows/client-management/mdm/get-product-packages.md
+++ b/windows/client-management/get-product-packages.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/get-seat.md
similarity index 96%
rename from windows/client-management/mdm/get-seat.md
rename to windows/client-management/get-seat.md
index 66b6b7340f..2c46b03f7a 100644
--- a/windows/client-management/mdm/get-seat.md
+++ b/windows/client-management/get-seat.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/get-seats-assigned-to-a-user.md
similarity index 96%
rename from windows/client-management/mdm/get-seats-assigned-to-a-user.md
rename to windows/client-management/get-seats-assigned-to-a-user.md
index 27a30678ae..b029f4e2da 100644
--- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md
+++ b/windows/client-management/get-seats-assigned-to-a-user.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/get-seats.md
similarity index 96%
rename from windows/client-management/mdm/get-seats.md
rename to windows/client-management/get-seats.md
index 333d467ee8..50e1920ffc 100644
--- a/windows/client-management/mdm/get-seats.md
+++ b/windows/client-management/get-seats.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md
index 44304f2950..0ad377277b 100644
--- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md
+++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md
@@ -1,7 +1,7 @@
---
title: Group Policy settings that apply only to Windows 10 Enterprise and Education Editions (Windows 10)
description: Use this topic to learn about Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education.
-ms.prod: w10
+ms.prod: windows-client
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/14/2021
diff --git a/windows/client-management/images/aadj1.jpg b/windows/client-management/images/aadj1.jpg
deleted file mode 100644
index 2348fc4c84..0000000000
Binary files a/windows/client-management/images/aadj1.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadj2.jpg b/windows/client-management/images/aadj2.jpg
deleted file mode 100644
index 39486bfc66..0000000000
Binary files a/windows/client-management/images/aadj2.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadj3.jpg b/windows/client-management/images/aadj3.jpg
deleted file mode 100644
index 80e1f5762f..0000000000
Binary files a/windows/client-management/images/aadj3.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadj4.jpg b/windows/client-management/images/aadj4.jpg
deleted file mode 100644
index 0db2910012..0000000000
Binary files a/windows/client-management/images/aadj4.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjbrowser.jpg b/windows/client-management/images/aadjbrowser.jpg
deleted file mode 100644
index c8d909688e..0000000000
Binary files a/windows/client-management/images/aadjbrowser.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjcal.jpg b/windows/client-management/images/aadjcal.jpg
deleted file mode 100644
index 1858886f5f..0000000000
Binary files a/windows/client-management/images/aadjcal.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjcalmail.jpg b/windows/client-management/images/aadjcalmail.jpg
deleted file mode 100644
index 5a5661259a..0000000000
Binary files a/windows/client-management/images/aadjcalmail.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjmail1.jpg b/windows/client-management/images/aadjmail1.jpg
deleted file mode 100644
index 89b1fcc3b7..0000000000
Binary files a/windows/client-management/images/aadjmail1.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjmail2.jpg b/windows/client-management/images/aadjmail2.jpg
deleted file mode 100644
index 0608010c6a..0000000000
Binary files a/windows/client-management/images/aadjmail2.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjmail3.jpg b/windows/client-management/images/aadjmail3.jpg
deleted file mode 100644
index d7154a7e0e..0000000000
Binary files a/windows/client-management/images/aadjmail3.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjonedrive.jpg b/windows/client-management/images/aadjonedrive.jpg
deleted file mode 100644
index 6fb1196d5f..0000000000
Binary files a/windows/client-management/images/aadjonedrive.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjonenote.jpg b/windows/client-management/images/aadjonenote.jpg
deleted file mode 100644
index 4ccd207f9f..0000000000
Binary files a/windows/client-management/images/aadjonenote.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjonenote2.jpg b/windows/client-management/images/aadjonenote2.jpg
deleted file mode 100644
index 1b6941e638..0000000000
Binary files a/windows/client-management/images/aadjonenote2.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjonenote3.jpg b/windows/client-management/images/aadjonenote3.jpg
deleted file mode 100644
index 3ac6911046..0000000000
Binary files a/windows/client-management/images/aadjonenote3.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjpin.jpg b/windows/client-management/images/aadjpin.jpg
deleted file mode 100644
index dac6cfec30..0000000000
Binary files a/windows/client-management/images/aadjpin.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjppt.jpg b/windows/client-management/images/aadjppt.jpg
deleted file mode 100644
index 268d5fe662..0000000000
Binary files a/windows/client-management/images/aadjppt.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjverify.jpg b/windows/client-management/images/aadjverify.jpg
deleted file mode 100644
index 7b30210f39..0000000000
Binary files a/windows/client-management/images/aadjverify.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjword.jpg b/windows/client-management/images/aadjword.jpg
deleted file mode 100644
index db2a58406e..0000000000
Binary files a/windows/client-management/images/aadjword.jpg and /dev/null differ
diff --git a/windows/client-management/images/aadjwsfb.jpg b/windows/client-management/images/aadjwsfb.jpg
deleted file mode 100644
index 428f1a26d4..0000000000
Binary files a/windows/client-management/images/aadjwsfb.jpg and /dev/null differ
diff --git a/windows/client-management/mdm/images/admx-app-v-enablepublishingserver2settings.png b/windows/client-management/images/admx-app-v-enablepublishingserver2settings.png
similarity index 100%
rename from windows/client-management/mdm/images/admx-app-v-enablepublishingserver2settings.png
rename to windows/client-management/images/admx-app-v-enablepublishingserver2settings.png
diff --git a/windows/client-management/mdm/images/admx-appv-enableapp-vclient.png b/windows/client-management/images/admx-appv-enableapp-vclient.png
similarity index 100%
rename from windows/client-management/mdm/images/admx-appv-enableapp-vclient.png
rename to windows/client-management/images/admx-appv-enableapp-vclient.png
diff --git a/windows/client-management/mdm/images/admx-appv-policy-description.png b/windows/client-management/images/admx-appv-policy-description.png
similarity index 100%
rename from windows/client-management/mdm/images/admx-appv-policy-description.png
rename to windows/client-management/images/admx-appv-policy-description.png
diff --git a/windows/client-management/mdm/images/admx-appv-publishingserver2.png b/windows/client-management/images/admx-appv-publishingserver2.png
similarity index 100%
rename from windows/client-management/mdm/images/admx-appv-publishingserver2.png
rename to windows/client-management/images/admx-appv-publishingserver2.png
diff --git a/windows/client-management/mdm/images/admx-appv.png b/windows/client-management/images/admx-appv.png
similarity index 100%
rename from windows/client-management/mdm/images/admx-appv.png
rename to windows/client-management/images/admx-appv.png
diff --git a/windows/client-management/mdm/images/admx-gpedit-search.png b/windows/client-management/images/admx-gpedit-search.png
similarity index 100%
rename from windows/client-management/mdm/images/admx-gpedit-search.png
rename to windows/client-management/images/admx-gpedit-search.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-activation-verification-less-entries.png b/windows/client-management/images/auto-enrollment-activation-verification-less-entries.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-activation-verification-less-entries.png
rename to windows/client-management/images/auto-enrollment-activation-verification-less-entries.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-activation-verification.png b/windows/client-management/images/auto-enrollment-activation-verification.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-activation-verification.png
rename to windows/client-management/images/auto-enrollment-activation-verification.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-azureadprt-verification.png b/windows/client-management/images/auto-enrollment-azureadprt-verification.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-azureadprt-verification.png
rename to windows/client-management/images/auto-enrollment-azureadprt-verification.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-device-status-result.png b/windows/client-management/images/auto-enrollment-device-status-result.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-device-status-result.png
rename to windows/client-management/images/auto-enrollment-device-status-result.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-enrollment-of-windows-devices.png b/windows/client-management/images/auto-enrollment-enrollment-of-windows-devices.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-enrollment-of-windows-devices.png
rename to windows/client-management/images/auto-enrollment-enrollment-of-windows-devices.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-event-id-102.png b/windows/client-management/images/auto-enrollment-event-id-102.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-event-id-102.png
rename to windows/client-management/images/auto-enrollment-event-id-102.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-event-id-107.png b/windows/client-management/images/auto-enrollment-event-id-107.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-event-id-107.png
rename to windows/client-management/images/auto-enrollment-event-id-107.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-intune-license-verification.png b/windows/client-management/images/auto-enrollment-intune-license-verification.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-intune-license-verification.png
rename to windows/client-management/images/auto-enrollment-intune-license-verification.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-mdm-discovery-url.png b/windows/client-management/images/auto-enrollment-mdm-discovery-url.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-mdm-discovery-url.png
rename to windows/client-management/images/auto-enrollment-mdm-discovery-url.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-microsoft-intune-setting.png b/windows/client-management/images/auto-enrollment-microsoft-intune-setting.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-microsoft-intune-setting.png
rename to windows/client-management/images/auto-enrollment-microsoft-intune-setting.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-outdated-enrollment-entries.png b/windows/client-management/images/auto-enrollment-outdated-enrollment-entries.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-outdated-enrollment-entries.png
rename to windows/client-management/images/auto-enrollment-outdated-enrollment-entries.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-task-scheduler.png b/windows/client-management/images/auto-enrollment-task-scheduler.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-task-scheduler.png
rename to windows/client-management/images/auto-enrollment-task-scheduler.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-75.png b/windows/client-management/images/auto-enrollment-troubleshooting-event-id-75.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-75.png
rename to windows/client-management/images/auto-enrollment-troubleshooting-event-id-75.png
diff --git a/windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-76.png b/windows/client-management/images/auto-enrollment-troubleshooting-event-id-76.png
similarity index 100%
rename from windows/client-management/mdm/images/auto-enrollment-troubleshooting-event-id-76.png
rename to windows/client-management/images/auto-enrollment-troubleshooting-event-id-76.png
diff --git a/windows/client-management/mdm/images/autoenrollment-2-factor-auth.png b/windows/client-management/images/autoenrollment-2-factor-auth.png
similarity index 100%
rename from windows/client-management/mdm/images/autoenrollment-2-factor-auth.png
rename to windows/client-management/images/autoenrollment-2-factor-auth.png
diff --git a/windows/client-management/mdm/images/autoenrollment-gpedit.png b/windows/client-management/images/autoenrollment-gpedit.png
similarity index 100%
rename from windows/client-management/mdm/images/autoenrollment-gpedit.png
rename to windows/client-management/images/autoenrollment-gpedit.png
diff --git a/windows/client-management/mdm/images/autoenrollment-mdm-policies.png b/windows/client-management/images/autoenrollment-mdm-policies.png
similarity index 100%
rename from windows/client-management/mdm/images/autoenrollment-mdm-policies.png
rename to windows/client-management/images/autoenrollment-mdm-policies.png
diff --git a/windows/client-management/mdm/images/autoenrollment-policy.png b/windows/client-management/images/autoenrollment-policy.png
similarity index 100%
rename from windows/client-management/mdm/images/autoenrollment-policy.png
rename to windows/client-management/images/autoenrollment-policy.png
diff --git a/windows/client-management/mdm/images/autoenrollment-scheduled-task.png b/windows/client-management/images/autoenrollment-scheduled-task.png
similarity index 100%
rename from windows/client-management/mdm/images/autoenrollment-scheduled-task.png
rename to windows/client-management/images/autoenrollment-scheduled-task.png
diff --git a/windows/client-management/mdm/images/autoenrollment-settings-work-school.png b/windows/client-management/images/autoenrollment-settings-work-school.png
similarity index 100%
rename from windows/client-management/mdm/images/autoenrollment-settings-work-school.png
rename to windows/client-management/images/autoenrollment-settings-work-school.png
diff --git a/windows/client-management/mdm/images/autoenrollment-task-schedulerapp.png b/windows/client-management/images/autoenrollment-task-schedulerapp.png
similarity index 100%
rename from windows/client-management/mdm/images/autoenrollment-task-schedulerapp.png
rename to windows/client-management/images/autoenrollment-task-schedulerapp.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant1.png b/windows/client-management/images/azure-ad-add-tenant1.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant1.png
rename to windows/client-management/images/azure-ad-add-tenant1.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant10.png b/windows/client-management/images/azure-ad-add-tenant10.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant10.png
rename to windows/client-management/images/azure-ad-add-tenant10.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant11.png b/windows/client-management/images/azure-ad-add-tenant11.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant11.png
rename to windows/client-management/images/azure-ad-add-tenant11.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant12.png b/windows/client-management/images/azure-ad-add-tenant12.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant12.png
rename to windows/client-management/images/azure-ad-add-tenant12.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant13.png b/windows/client-management/images/azure-ad-add-tenant13.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant13.png
rename to windows/client-management/images/azure-ad-add-tenant13.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant14.png b/windows/client-management/images/azure-ad-add-tenant14.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant14.png
rename to windows/client-management/images/azure-ad-add-tenant14.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant15.png b/windows/client-management/images/azure-ad-add-tenant15.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant15.png
rename to windows/client-management/images/azure-ad-add-tenant15.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant2.png b/windows/client-management/images/azure-ad-add-tenant2.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant2.png
rename to windows/client-management/images/azure-ad-add-tenant2.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant3-b.png b/windows/client-management/images/azure-ad-add-tenant3-b.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant3-b.png
rename to windows/client-management/images/azure-ad-add-tenant3-b.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant3.png b/windows/client-management/images/azure-ad-add-tenant3.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant3.png
rename to windows/client-management/images/azure-ad-add-tenant3.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant4.png b/windows/client-management/images/azure-ad-add-tenant4.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant4.png
rename to windows/client-management/images/azure-ad-add-tenant4.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant5.png b/windows/client-management/images/azure-ad-add-tenant5.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant5.png
rename to windows/client-management/images/azure-ad-add-tenant5.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant6.png b/windows/client-management/images/azure-ad-add-tenant6.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant6.png
rename to windows/client-management/images/azure-ad-add-tenant6.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant7.png b/windows/client-management/images/azure-ad-add-tenant7.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant7.png
rename to windows/client-management/images/azure-ad-add-tenant7.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant8.png b/windows/client-management/images/azure-ad-add-tenant8.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant8.png
rename to windows/client-management/images/azure-ad-add-tenant8.png
diff --git a/windows/client-management/mdm/images/azure-ad-add-tenant9.png b/windows/client-management/images/azure-ad-add-tenant9.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-add-tenant9.png
rename to windows/client-management/images/azure-ad-add-tenant9.png
diff --git a/windows/client-management/mdm/images/azure-ad-app-gallery.png b/windows/client-management/images/azure-ad-app-gallery.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-app-gallery.png
rename to windows/client-management/images/azure-ad-app-gallery.png
diff --git a/windows/client-management/mdm/images/azure-ad-device-list.png b/windows/client-management/images/azure-ad-device-list.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-device-list.png
rename to windows/client-management/images/azure-ad-device-list.png
diff --git a/windows/client-management/mdm/images/azure-ad-enrollment-flow.png b/windows/client-management/images/azure-ad-enrollment-flow.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-enrollment-flow.png
rename to windows/client-management/images/azure-ad-enrollment-flow.png
diff --git a/windows/client-management/mdm/images/azure-ad-unenrollment.png b/windows/client-management/images/azure-ad-unenrollment.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-ad-unenrollment.png
rename to windows/client-management/images/azure-ad-unenrollment.png
diff --git a/windows/client-management/mdm/images/azure-intune-configure-scope.png b/windows/client-management/images/azure-intune-configure-scope.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-intune-configure-scope.png
rename to windows/client-management/images/azure-intune-configure-scope.png
diff --git a/windows/client-management/mdm/images/azure-mdm-intune.png b/windows/client-management/images/azure-mdm-intune.png
similarity index 100%
rename from windows/client-management/mdm/images/azure-mdm-intune.png
rename to windows/client-management/images/azure-mdm-intune.png
diff --git a/windows/client-management/mdm/images/bulk-enrollment.png b/windows/client-management/images/bulk-enrollment.png
similarity index 100%
rename from windows/client-management/mdm/images/bulk-enrollment.png
rename to windows/client-management/images/bulk-enrollment.png
diff --git a/windows/client-management/mdm/images/bulk-enrollment2.png b/windows/client-management/images/bulk-enrollment2.png
similarity index 100%
rename from windows/client-management/mdm/images/bulk-enrollment2.png
rename to windows/client-management/images/bulk-enrollment2.png
diff --git a/windows/client-management/mdm/images/bulk-enrollment3.png b/windows/client-management/images/bulk-enrollment3.png
similarity index 100%
rename from windows/client-management/mdm/images/bulk-enrollment3.png
rename to windows/client-management/images/bulk-enrollment3.png
diff --git a/windows/client-management/mdm/images/bulk-enrollment4.png b/windows/client-management/images/bulk-enrollment4.png
similarity index 100%
rename from windows/client-management/mdm/images/bulk-enrollment4.png
rename to windows/client-management/images/bulk-enrollment4.png
diff --git a/windows/client-management/mdm/images/bulk-enrollment5.png b/windows/client-management/images/bulk-enrollment5.png
similarity index 100%
rename from windows/client-management/mdm/images/bulk-enrollment5.png
rename to windows/client-management/images/bulk-enrollment5.png
diff --git a/windows/client-management/mdm/images/bulk-enrollment6.png b/windows/client-management/images/bulk-enrollment6.png
similarity index 100%
rename from windows/client-management/mdm/images/bulk-enrollment6.png
rename to windows/client-management/images/bulk-enrollment6.png
diff --git a/windows/client-management/mdm/images/bulk-enrollment7.png b/windows/client-management/images/bulk-enrollment7.png
similarity index 100%
rename from windows/client-management/mdm/images/bulk-enrollment7.png
rename to windows/client-management/images/bulk-enrollment7.png
diff --git a/windows/client-management/mdm/images/bulk-enrollment8.png b/windows/client-management/images/bulk-enrollment8.png
similarity index 100%
rename from windows/client-management/mdm/images/bulk-enrollment8.png
rename to windows/client-management/images/bulk-enrollment8.png
diff --git a/windows/client-management/mdm/images/businessstoreportalservices2.png b/windows/client-management/images/businessstoreportalservices2.png
similarity index 100%
rename from windows/client-management/mdm/images/businessstoreportalservices2.png
rename to windows/client-management/images/businessstoreportalservices2.png
diff --git a/windows/client-management/mdm/images/businessstoreportalservices3.png b/windows/client-management/images/businessstoreportalservices3.png
similarity index 100%
rename from windows/client-management/mdm/images/businessstoreportalservices3.png
rename to windows/client-management/images/businessstoreportalservices3.png
diff --git a/windows/client-management/mdm/images/businessstoreportalservicesflow.png b/windows/client-management/images/businessstoreportalservicesflow.png
similarity index 100%
rename from windows/client-management/mdm/images/businessstoreportalservicesflow.png
rename to windows/client-management/images/businessstoreportalservicesflow.png
diff --git a/windows/client-management/images/certfiltering1.png b/windows/client-management/images/certfiltering1.png
new file mode 100644
index 0000000000..0e84f433bc
Binary files /dev/null and b/windows/client-management/images/certfiltering1.png differ
diff --git a/windows/client-management/images/certfiltering2.png b/windows/client-management/images/certfiltering2.png
new file mode 100644
index 0000000000..8e08b29641
Binary files /dev/null and b/windows/client-management/images/certfiltering2.png differ
diff --git a/windows/client-management/images/certfiltering3.png b/windows/client-management/images/certfiltering3.png
new file mode 100644
index 0000000000..ce5aae1f63
Binary files /dev/null and b/windows/client-management/images/certfiltering3.png differ
diff --git a/windows/client-management/mdm/images/configlock-mem-createprofile.png b/windows/client-management/images/configlock-mem-createprofile.png
similarity index 100%
rename from windows/client-management/mdm/images/configlock-mem-createprofile.png
rename to windows/client-management/images/configlock-mem-createprofile.png
diff --git a/windows/client-management/mdm/images/configlock-mem-dev.png b/windows/client-management/images/configlock-mem-dev.png
similarity index 100%
rename from windows/client-management/mdm/images/configlock-mem-dev.png
rename to windows/client-management/images/configlock-mem-dev.png
diff --git a/windows/client-management/mdm/images/configlock-mem-devstatus.png b/windows/client-management/images/configlock-mem-devstatus.png
similarity index 100%
rename from windows/client-management/mdm/images/configlock-mem-devstatus.png
rename to windows/client-management/images/configlock-mem-devstatus.png
diff --git a/windows/client-management/mdm/images/configlock-mem-editrow.png b/windows/client-management/images/configlock-mem-editrow.png
similarity index 100%
rename from windows/client-management/mdm/images/configlock-mem-editrow.png
rename to windows/client-management/images/configlock-mem-editrow.png
diff --git a/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png b/windows/client-management/images/configlock-mem-firmwareprotect.png
similarity index 100%
rename from windows/client-management/mdm/images/configlock-mem-firmwareprotect.png
rename to windows/client-management/images/configlock-mem-firmwareprotect.png
diff --git a/windows/client-management/mdm/images/deeplinkenrollment1.png b/windows/client-management/images/deeplinkenrollment1.png
similarity index 100%
rename from windows/client-management/mdm/images/deeplinkenrollment1.png
rename to windows/client-management/images/deeplinkenrollment1.png
diff --git a/windows/client-management/mdm/images/deeplinkenrollment3.png b/windows/client-management/images/deeplinkenrollment3.png
similarity index 100%
rename from windows/client-management/mdm/images/deeplinkenrollment3.png
rename to windows/client-management/images/deeplinkenrollment3.png
diff --git a/windows/client-management/mdm/images/deeplinkenrollment4.png b/windows/client-management/images/deeplinkenrollment4.png
similarity index 100%
rename from windows/client-management/mdm/images/deeplinkenrollment4.png
rename to windows/client-management/images/deeplinkenrollment4.png
diff --git a/windows/client-management/images/device-installation-usb-properties.png b/windows/client-management/images/device-installation-usb-properties.png
deleted file mode 100644
index 823294fd95..0000000000
Binary files a/windows/client-management/images/device-installation-usb-properties.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/deviceupdateprocess2.png b/windows/client-management/images/deviceupdateprocess2.png
similarity index 100%
rename from windows/client-management/mdm/images/deviceupdateprocess2.png
rename to windows/client-management/images/deviceupdateprocess2.png
diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot1.png b/windows/client-management/images/deviceupdatescreenshot1.png
similarity index 100%
rename from windows/client-management/mdm/images/deviceupdatescreenshot1.png
rename to windows/client-management/images/deviceupdatescreenshot1.png
diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot2.png b/windows/client-management/images/deviceupdatescreenshot2.png
similarity index 100%
rename from windows/client-management/mdm/images/deviceupdatescreenshot2.png
rename to windows/client-management/images/deviceupdatescreenshot2.png
diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot3.png b/windows/client-management/images/deviceupdatescreenshot3.png
similarity index 100%
rename from windows/client-management/mdm/images/deviceupdatescreenshot3.png
rename to windows/client-management/images/deviceupdatescreenshot3.png
diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot4.png b/windows/client-management/images/deviceupdatescreenshot4.png
similarity index 100%
rename from windows/client-management/mdm/images/deviceupdatescreenshot4.png
rename to windows/client-management/images/deviceupdatescreenshot4.png
diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot5.png b/windows/client-management/images/deviceupdatescreenshot5.png
similarity index 100%
rename from windows/client-management/mdm/images/deviceupdatescreenshot5.png
rename to windows/client-management/images/deviceupdatescreenshot5.png
diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot6.png b/windows/client-management/images/deviceupdatescreenshot6.png
similarity index 100%
rename from windows/client-management/mdm/images/deviceupdatescreenshot6.png
rename to windows/client-management/images/deviceupdatescreenshot6.png
diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot7.png b/windows/client-management/images/deviceupdatescreenshot7.png
similarity index 100%
rename from windows/client-management/mdm/images/deviceupdatescreenshot7.png
rename to windows/client-management/images/deviceupdatescreenshot7.png
diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot8.png b/windows/client-management/images/deviceupdatescreenshot8.png
similarity index 100%
rename from windows/client-management/mdm/images/deviceupdatescreenshot8.png
rename to windows/client-management/images/deviceupdatescreenshot8.png
diff --git a/windows/client-management/mdm/images/deviceupdatescreenshot9.png b/windows/client-management/images/deviceupdatescreenshot9.png
similarity index 100%
rename from windows/client-management/mdm/images/deviceupdatescreenshot9.png
rename to windows/client-management/images/deviceupdatescreenshot9.png
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures1.png b/windows/client-management/images/diagnose-mdm-failures1.png
similarity index 100%
rename from windows/client-management/mdm/images/diagnose-mdm-failures1.png
rename to windows/client-management/images/diagnose-mdm-failures1.png
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures10.png b/windows/client-management/images/diagnose-mdm-failures10.png
similarity index 100%
rename from windows/client-management/mdm/images/diagnose-mdm-failures10.png
rename to windows/client-management/images/diagnose-mdm-failures10.png
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures11.png b/windows/client-management/images/diagnose-mdm-failures11.png
similarity index 100%
rename from windows/client-management/mdm/images/diagnose-mdm-failures11.png
rename to windows/client-management/images/diagnose-mdm-failures11.png
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures12.png b/windows/client-management/images/diagnose-mdm-failures12.png
similarity index 100%
rename from windows/client-management/mdm/images/diagnose-mdm-failures12.png
rename to windows/client-management/images/diagnose-mdm-failures12.png
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures13.png b/windows/client-management/images/diagnose-mdm-failures13.png
similarity index 100%
rename from windows/client-management/mdm/images/diagnose-mdm-failures13.png
rename to windows/client-management/images/diagnose-mdm-failures13.png
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures14.png b/windows/client-management/images/diagnose-mdm-failures14.png
similarity index 100%
rename from windows/client-management/mdm/images/diagnose-mdm-failures14.png
rename to windows/client-management/images/diagnose-mdm-failures14.png
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures15.png b/windows/client-management/images/diagnose-mdm-failures15.png
similarity index 100%
rename from windows/client-management/mdm/images/diagnose-mdm-failures15.png
rename to windows/client-management/images/diagnose-mdm-failures15.png
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures16.png b/windows/client-management/images/diagnose-mdm-failures16.png
similarity index 100%
rename from windows/client-management/mdm/images/diagnose-mdm-failures16.png
rename to windows/client-management/images/diagnose-mdm-failures16.png
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures17.png b/windows/client-management/images/diagnose-mdm-failures17.png
similarity index 100%
rename from windows/client-management/mdm/images/diagnose-mdm-failures17.png
rename to windows/client-management/images/diagnose-mdm-failures17.png
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures9.png b/windows/client-management/images/diagnose-mdm-failures9.png
similarity index 100%
rename from windows/client-management/mdm/images/diagnose-mdm-failures9.png
rename to windows/client-management/images/diagnose-mdm-failures9.png
diff --git a/windows/client-management/mdm/images/enterprise-workflow.png b/windows/client-management/images/enterprise-workflow.png
similarity index 100%
rename from windows/client-management/mdm/images/enterprise-workflow.png
rename to windows/client-management/images/enterprise-workflow.png
diff --git a/windows/client-management/mdm/images/faq-max-devices.png b/windows/client-management/images/faq-max-devices.png
similarity index 100%
rename from windows/client-management/mdm/images/faq-max-devices.png
rename to windows/client-management/images/faq-max-devices.png
diff --git a/windows/client-management/mdm/images/group-policy-editor.png b/windows/client-management/images/group-policy-editor.png
similarity index 100%
rename from windows/client-management/mdm/images/group-policy-editor.png
rename to windows/client-management/images/group-policy-editor.png
diff --git a/windows/client-management/mdm/images/group-policy-publisher-server-2-settings.png b/windows/client-management/images/group-policy-publisher-server-2-settings.png
similarity index 100%
rename from windows/client-management/mdm/images/group-policy-publisher-server-2-settings.png
rename to windows/client-management/images/group-policy-publisher-server-2-settings.png
diff --git a/windows/client-management/mdm/images/implement-server-side-mobile-application-management.png b/windows/client-management/images/implement-server-side-mobile-application-management.png
similarity index 100%
rename from windows/client-management/mdm/images/implement-server-side-mobile-application-management.png
rename to windows/client-management/images/implement-server-side-mobile-application-management.png
diff --git a/windows/client-management/mdm/images/mdm-enrollment-disable-policy.png b/windows/client-management/images/mdm-enrollment-disable-policy.png
similarity index 100%
rename from windows/client-management/mdm/images/mdm-enrollment-disable-policy.png
rename to windows/client-management/images/mdm-enrollment-disable-policy.png
diff --git a/windows/client-management/mdm/images/mdm-update-sync.png b/windows/client-management/images/mdm-update-sync.png
similarity index 100%
rename from windows/client-management/mdm/images/mdm-update-sync.png
rename to windows/client-management/images/mdm-update-sync.png
diff --git a/windows/client-management/images/msinfosnip.jpg b/windows/client-management/images/msinfosnip.jpg
deleted file mode 100644
index 67c65eec3c..0000000000
Binary files a/windows/client-management/images/msinfosnip.jpg and /dev/null differ
diff --git a/windows/client-management/mdm/images/push-notification1.png b/windows/client-management/images/push-notification1.png
similarity index 100%
rename from windows/client-management/mdm/images/push-notification1.png
rename to windows/client-management/images/push-notification1.png
diff --git a/windows/client-management/mdm/images/push-notification10.png b/windows/client-management/images/push-notification10.png
similarity index 100%
rename from windows/client-management/mdm/images/push-notification10.png
rename to windows/client-management/images/push-notification10.png
diff --git a/windows/client-management/mdm/images/push-notification2.png b/windows/client-management/images/push-notification2.png
similarity index 100%
rename from windows/client-management/mdm/images/push-notification2.png
rename to windows/client-management/images/push-notification2.png
diff --git a/windows/client-management/mdm/images/push-notification3.png b/windows/client-management/images/push-notification3.png
similarity index 100%
rename from windows/client-management/mdm/images/push-notification3.png
rename to windows/client-management/images/push-notification3.png
diff --git a/windows/client-management/mdm/images/push-notification4.png b/windows/client-management/images/push-notification4.png
similarity index 100%
rename from windows/client-management/mdm/images/push-notification4.png
rename to windows/client-management/images/push-notification4.png
diff --git a/windows/client-management/mdm/images/push-notification5.png b/windows/client-management/images/push-notification5.png
similarity index 100%
rename from windows/client-management/mdm/images/push-notification5.png
rename to windows/client-management/images/push-notification5.png
diff --git a/windows/client-management/mdm/images/push-notification6.png b/windows/client-management/images/push-notification6.png
similarity index 100%
rename from windows/client-management/mdm/images/push-notification6.png
rename to windows/client-management/images/push-notification6.png
diff --git a/windows/client-management/mdm/images/push-notification7.png b/windows/client-management/images/push-notification7.png
similarity index 100%
rename from windows/client-management/mdm/images/push-notification7.png
rename to windows/client-management/images/push-notification7.png
diff --git a/windows/client-management/images/quick-assist-get.png b/windows/client-management/images/quick-assist-get.png
new file mode 100644
index 0000000000..fc7ccdd1a4
Binary files /dev/null and b/windows/client-management/images/quick-assist-get.png differ
diff --git a/windows/client-management/mdm/images/ssl-settings.png b/windows/client-management/images/ssl-settings.png
similarity index 100%
rename from windows/client-management/mdm/images/ssl-settings.png
rename to windows/client-management/images/ssl-settings.png
diff --git a/windows/client-management/images/systeminfo.png b/windows/client-management/images/systeminfo.png
deleted file mode 100644
index 4c70bed782..0000000000
Binary files a/windows/client-management/images/systeminfo.png and /dev/null differ
diff --git a/windows/client-management/images/systemproperties.png b/windows/client-management/images/systemproperties.png
deleted file mode 100644
index e6e6d5677b..0000000000
Binary files a/windows/client-management/images/systemproperties.png and /dev/null differ
diff --git a/windows/client-management/images/systemprops.jpg b/windows/client-management/images/systemprops.jpg
deleted file mode 100644
index dfff3fb5d0..0000000000
Binary files a/windows/client-management/images/systemprops.jpg and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-1.png b/windows/client-management/images/tcp-ts-1.png
deleted file mode 100644
index 621235d5b3..0000000000
Binary files a/windows/client-management/images/tcp-ts-1.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-2.png b/windows/client-management/images/tcp-ts-2.png
deleted file mode 100644
index cdaada6cb6..0000000000
Binary files a/windows/client-management/images/tcp-ts-2.png and /dev/null differ
diff --git a/windows/client-management/images/tcp-ts-3.png b/windows/client-management/images/tcp-ts-3.png
deleted file mode 100644
index ce3072c95e..0000000000
Binary files a/windows/client-management/images/tcp-ts-3.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-1.png b/windows/client-management/images/unifiedenrollment-rs1-1.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-1.png
rename to windows/client-management/images/unifiedenrollment-rs1-1.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-10.png b/windows/client-management/images/unifiedenrollment-rs1-10.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-10.png
rename to windows/client-management/images/unifiedenrollment-rs1-10.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-11.png b/windows/client-management/images/unifiedenrollment-rs1-11.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-11.png
rename to windows/client-management/images/unifiedenrollment-rs1-11.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-12.png b/windows/client-management/images/unifiedenrollment-rs1-12.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-12.png
rename to windows/client-management/images/unifiedenrollment-rs1-12.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-13.png b/windows/client-management/images/unifiedenrollment-rs1-13.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-13.png
rename to windows/client-management/images/unifiedenrollment-rs1-13.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-14.png b/windows/client-management/images/unifiedenrollment-rs1-14.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-14.png
rename to windows/client-management/images/unifiedenrollment-rs1-14.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-15.png b/windows/client-management/images/unifiedenrollment-rs1-15.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-15.png
rename to windows/client-management/images/unifiedenrollment-rs1-15.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-16.png b/windows/client-management/images/unifiedenrollment-rs1-16.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-16.png
rename to windows/client-management/images/unifiedenrollment-rs1-16.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-17.png b/windows/client-management/images/unifiedenrollment-rs1-17.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-17.png
rename to windows/client-management/images/unifiedenrollment-rs1-17.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-18.png b/windows/client-management/images/unifiedenrollment-rs1-18.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-18.png
rename to windows/client-management/images/unifiedenrollment-rs1-18.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-19.png b/windows/client-management/images/unifiedenrollment-rs1-19.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-19.png
rename to windows/client-management/images/unifiedenrollment-rs1-19.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-2.png b/windows/client-management/images/unifiedenrollment-rs1-2.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-2.png
rename to windows/client-management/images/unifiedenrollment-rs1-2.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-20.png b/windows/client-management/images/unifiedenrollment-rs1-20.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-20.png
rename to windows/client-management/images/unifiedenrollment-rs1-20.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-21-b.png b/windows/client-management/images/unifiedenrollment-rs1-21-b.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-21-b.png
rename to windows/client-management/images/unifiedenrollment-rs1-21-b.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-23-b.png b/windows/client-management/images/unifiedenrollment-rs1-23-b.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-23-b.png
rename to windows/client-management/images/unifiedenrollment-rs1-23-b.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-24-b.png b/windows/client-management/images/unifiedenrollment-rs1-24-b.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-24-b.png
rename to windows/client-management/images/unifiedenrollment-rs1-24-b.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-25-b.png b/windows/client-management/images/unifiedenrollment-rs1-25-b.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-25-b.png
rename to windows/client-management/images/unifiedenrollment-rs1-25-b.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-26.png b/windows/client-management/images/unifiedenrollment-rs1-26.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-26.png
rename to windows/client-management/images/unifiedenrollment-rs1-26.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-27.png b/windows/client-management/images/unifiedenrollment-rs1-27.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-27.png
rename to windows/client-management/images/unifiedenrollment-rs1-27.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-28.png b/windows/client-management/images/unifiedenrollment-rs1-28.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-28.png
rename to windows/client-management/images/unifiedenrollment-rs1-28.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-29.png b/windows/client-management/images/unifiedenrollment-rs1-29.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-29.png
rename to windows/client-management/images/unifiedenrollment-rs1-29.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-3.png b/windows/client-management/images/unifiedenrollment-rs1-3.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-3.png
rename to windows/client-management/images/unifiedenrollment-rs1-3.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-30.png b/windows/client-management/images/unifiedenrollment-rs1-30.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-30.png
rename to windows/client-management/images/unifiedenrollment-rs1-30.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-31.png b/windows/client-management/images/unifiedenrollment-rs1-31.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-31.png
rename to windows/client-management/images/unifiedenrollment-rs1-31.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-32.png b/windows/client-management/images/unifiedenrollment-rs1-32.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-32.png
rename to windows/client-management/images/unifiedenrollment-rs1-32.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-33-b.png b/windows/client-management/images/unifiedenrollment-rs1-33-b.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-33-b.png
rename to windows/client-management/images/unifiedenrollment-rs1-33-b.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-34-b.png b/windows/client-management/images/unifiedenrollment-rs1-34-b.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-34-b.png
rename to windows/client-management/images/unifiedenrollment-rs1-34-b.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-35-b.png b/windows/client-management/images/unifiedenrollment-rs1-35-b.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-35-b.png
rename to windows/client-management/images/unifiedenrollment-rs1-35-b.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-37-c.png b/windows/client-management/images/unifiedenrollment-rs1-37-c.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-37-c.png
rename to windows/client-management/images/unifiedenrollment-rs1-37-c.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-4.png b/windows/client-management/images/unifiedenrollment-rs1-4.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-4.png
rename to windows/client-management/images/unifiedenrollment-rs1-4.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-5.png b/windows/client-management/images/unifiedenrollment-rs1-5.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-5.png
rename to windows/client-management/images/unifiedenrollment-rs1-5.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-6.png b/windows/client-management/images/unifiedenrollment-rs1-6.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-6.png
rename to windows/client-management/images/unifiedenrollment-rs1-6.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-7.png b/windows/client-management/images/unifiedenrollment-rs1-7.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-7.png
rename to windows/client-management/images/unifiedenrollment-rs1-7.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-8.png b/windows/client-management/images/unifiedenrollment-rs1-8.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-8.png
rename to windows/client-management/images/unifiedenrollment-rs1-8.png
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-9.png b/windows/client-management/images/unifiedenrollment-rs1-9.png
similarity index 100%
rename from windows/client-management/mdm/images/unifiedenrollment-rs1-9.png
rename to windows/client-management/images/unifiedenrollment-rs1-9.png
diff --git a/windows/client-management/images/wifistackcomponents.png b/windows/client-management/images/wifistackcomponents.png
deleted file mode 100644
index 7971a3d9bf..0000000000
Binary files a/windows/client-management/images/wifistackcomponents.png and /dev/null differ
diff --git a/windows/client-management/media/win11-control-panel-windows-tools.png b/windows/client-management/images/win11-control-panel-windows-tools.png
similarity index 100%
rename from windows/client-management/media/win11-control-panel-windows-tools.png
rename to windows/client-management/images/win11-control-panel-windows-tools.png
diff --git a/windows/client-management/media/win11-windows-tools.png b/windows/client-management/images/win11-windows-tools.png
similarity index 100%
rename from windows/client-management/media/win11-windows-tools.png
rename to windows/client-management/images/win11-windows-tools.png
diff --git a/windows/client-management/images/windows-10-management-gp-intune-flow.png b/windows/client-management/images/windows-10-management-gp-intune-flow.png
deleted file mode 100644
index c9e3f2ea31..0000000000
Binary files a/windows/client-management/images/windows-10-management-gp-intune-flow.png and /dev/null differ
diff --git a/windows/client-management/images/winsearchbar.jpg b/windows/client-management/images/winsearchbar.jpg
deleted file mode 100644
index 7f27bd8805..0000000000
Binary files a/windows/client-management/images/winsearchbar.jpg and /dev/null differ
diff --git a/windows/client-management/images/winversnip.jpg b/windows/client-management/images/winversnip.jpg
deleted file mode 100644
index c2f2be1bb2..0000000000
Binary files a/windows/client-management/images/winversnip.jpg and /dev/null differ
diff --git a/windows/client-management/images/wiredautoconfig.png b/windows/client-management/images/wiredautoconfig.png
deleted file mode 100644
index cede26ce74..0000000000
Binary files a/windows/client-management/images/wiredautoconfig.png and /dev/null differ
diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/implement-server-side-mobile-application-management.md
similarity index 85%
rename from windows/client-management/mdm/implement-server-side-mobile-application-management.md
rename to windows/client-management/implement-server-side-mobile-application-management.md
index 9d71b7234b..88f302cdce 100644
--- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md
+++ b/windows/client-management/implement-server-side-mobile-application-management.md
@@ -3,8 +3,8 @@ title: Support for mobile application management on Windows
description: Learn about implementing the Windows version of mobile application management (MAM), which is a lightweight solution for managing company data access and security on personal devices.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/03/2022
ms.reviewer:
@@ -57,7 +57,7 @@ MAM enrollment is based on the MAM extension of [[MS-MDE2] protocol](/openspecs/
Below are protocol changes for MAM enrollment:
- MDM discovery isn't supported.
-- APPAUTH node in [DMAcc CSP](dmacc-csp.md) is optional.
+- APPAUTH node in [DMAcc CSP](mdm/dmacc-csp.md) is optional.
- MAM enrollment variation of [MS-MDE2] protocol doesn't support the client authentication certificate, and therefore doesn't support the [MS-XCEP] protocol. Servers must use an Azure AD token for client authentication during policy syncs. Policy sync sessions must be performed over one-way SSL using server certificate authentication.
Here's an example provisioning XML for MAM enrollment.
@@ -74,26 +74,26 @@ Here's an example provisioning XML for MAM enrollment.
```
-Since the [Poll](dmclient-csp.md#provider-providerid-poll) node isn’t provided above, the device would default to once every 24 hours.
+Since the [Poll](mdm/dmclient-csp.md#provider-providerid-poll) node isn’t provided above, the device would default to once every 24 hours.
## Supported CSPs
MAM on Windows supports the following configuration service providers (CSPs). All other CSPs will be blocked. Note the list may change later based on customer feedback:
-- [AppLocker CSP](applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps.
-- [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs.
-- [DeviceStatus CSP](devicestatus-csp.md) required for Conditional Access support (starting with Windows 10, version 1703).
-- [DevInfo CSP](devinfo-csp.md).
-- [DMAcc CSP](dmacc-csp.md).
-- [DMClient CSP](dmclient-csp.md) for polling schedules configuration and MDM discovery URL.
-- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) has Windows Information Protection policies.
-- [Health Attestation CSP](healthattestation-csp.md) required for Conditional Access support (starting with Windows 10, version 1703).
-- [PassportForWork CSP](passportforwork-csp.md) for Windows Hello for Business PIN management.
-- [Policy CSP](policy-configuration-service-provider.md) specifically for NetworkIsolation and DeviceLock areas.
-- [Reporting CSP](reporting-csp.md) for retrieving Windows Information Protection logs.
-- [RootCaTrustedCertificates CSP](rootcacertificates-csp.md).
-- [VPNv2 CSP](vpnv2-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
-- [WiFi CSP](wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
+- [AppLocker CSP](mdm/applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps.
+- [ClientCertificateInstall CSP](mdm/clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs.
+- [DeviceStatus CSP](mdm/devicestatus-csp.md) required for Conditional Access support (starting with Windows 10, version 1703).
+- [DevInfo CSP](mdm/devinfo-csp.md).
+- [DMAcc CSP](mdm/dmacc-csp.md).
+- [DMClient CSP](mdm/dmclient-csp.md) for polling schedules configuration and MDM discovery URL.
+- [EnterpriseDataProtection CSP](mdm/enterprisedataprotection-csp.md) has Windows Information Protection policies.
+- [Health Attestation CSP](mdm/healthattestation-csp.md) required for Conditional Access support (starting with Windows 10, version 1703).
+- [PassportForWork CSP](mdm/passportforwork-csp.md) for Windows Hello for Business PIN management.
+- [Policy CSP](mdm/policy-configuration-service-provider.md) specifically for NetworkIsolation and DeviceLock areas.
+- [Reporting CSP](mdm/reporting-csp.md) for retrieving Windows Information Protection logs.
+- [RootCaTrustedCertificates CSP](mdm/rootcacertificates-csp.md).
+- [VPNv2 CSP](mdm/vpnv2-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
+- [WiFi CSP](mdm/wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
## Device lock policies and EAS
diff --git a/windows/client-management/index.yml b/windows/client-management/index.yml
index 4dd2469b3f..7fdf68a9fa 100644
--- a/windows/client-management/index.yml
+++ b/windows/client-management/index.yml
@@ -29,24 +29,53 @@ landingContent:
linkLists:
- linkListType: overview
links:
+ - text: Mobile device management (MDM) overview
+ url: mdm-overview.md
+ - linkListType: concept
+ links:
+ - text: MDM for device updates
+ url: device-update-management.md
+ - text: Enterprise settings, policies, and app management
+ url: windows-mdm-enterprise-settings.md
- text: Windows Tools/Administrative Tools
url: administrative-tools-in-windows-10.md
- text: Create mandatory user profiles
url: mandatory-user-profile.md
- - text: Mobile device management (MDM)
- url: mdm/index.yml
- - text: MDM for device updates
- url: mdm/device-update-management.md
- - text: Mobile device enrollment
- url: mdm/mobile-device-enrollment.md
- # Card (optional)
- - title: CSP reference documentation
+ - title: Device enrollment
linkLists:
- linkListType: overview
links:
- - text: Configuration service provider reference
- url: mdm/configuration-service-provider-reference.md
+ - text: Mobile device enrollment
+ url: mobile-device-enrollment.md
+ - linkListType: concept
+ links:
+ - text: Enroll Windows devices
+ url: mdm-enrollment-of-windows-devices.md
+ - text: Automatic enrollment using Azure AD
+ url: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
+ - text: Automatic enrollment using group policy
+ url: enroll-a-windows-10-device-automatically-using-group-policy.md
+ - text: Bulk enrollment
+ url: bulk-enrollment-using-windows-provisioning-tool.md
+
+ # Card (optional)
+ - title: Configuration service provider reference
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: CSP reference
+ url: mdm/index.yml
+ - linkListType: concept
+ links:
+ - text: Understanding ADMX policies
+ url: understanding-admx-backed-policies.md
+ - text: WMI Bridge Provider
+ url: using-powershell-scripting-with-the-wmi-bridge-provider.md
+ - text: OMA DM protocol support
+ url: oma-dm-protocol-support.md
+ - linkListType: reference
+ links:
- text: DynamicManagement CSP
url: mdm/dynamicmanagement-csp.md
- text: BitLocker CSP
@@ -60,11 +89,11 @@ landingContent:
linkLists:
- linkListType: how-to-guide
links:
- - text: Troubleshoot Windows 10 clients
- url: windows-10-support-solutions.md
+ - text: Troubleshoot Windows clients
+ url: /troubleshoot/windows-client/welcome-windows-client
- text: Advanced troubleshooting for Windows networking
- url: troubleshoot-networking.md
- - text: Advanced troubleshooting for Windows start-up
- url: troubleshoot-networking.md
- - text: Advanced troubleshooting for Windows networking
- url: troubleshoot-windows-startup.md
+ url: /troubleshoot/windows-client/networking/networking-overview
+ - text: Advanced troubleshooting for Windows start-up and performance
+ url: /troubleshoot/windows-client/performance/performance-overview
+ - text: Advanced troubleshooting for user profiles and logon
+ url: /troubleshoot/windows-client/user-profiles-and-logon/userprofiles-and-logon-overview
diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md
deleted file mode 100644
index af10628683..0000000000
--- a/windows/client-management/introduction-page-file.md
+++ /dev/null
@@ -1,70 +0,0 @@
----
-title: Introduction to the page file
-description: Learn about the page files in Windows. A page file is an optional, hidden system file on a hard disk.
-ms.prod: w10
-ms.topic: troubleshooting
-author: Deland-Han
-ms.localizationpriority: medium
-ms.author: delhan
-ms.reviewer: dcscontentpm
-manager: dansimp
-ms.collection: highpri
----
-
-# Introduction to page files
-
-A page file (also known as a "paging file") is an optional, hidden system file on a hard disk.
-
-## Functionality
-
-Page files have the following functionalities.
-
-### Physical extension of RAM
-
-Page files enable the system to remove infrequently accessed modified pages from physical memory to let the system use physical memory more efficiently for more frequently accessed pages.
-
-### Application requirements
-
-Some products or services require a page file for various reasons. For specific information, check the product documentation.
-
-For example, the following Windows servers require page files:
-
-- Windows Server domain controllers (DCs)
-- DFS Replication (DFS-R) servers
-- Certificate servers
-- ADAM/LDS servers
-
-This requirement is because the algorithm of the database cache for Extensible Storage Engine (ESENT, or ESE for Microsoft Exchange Server) depends on the "\Memory\Transition Pages RePurposed/sec" performance monitor counter. A page file is required to ensure that the database cache can release memory if other services or applications request memory.
-
-For Windows Server 2012 Hyper-V and Windows Server 2012 R2 Hyper-V, the page file of the management OS (commonly called the host OS) should be left at the default of setting of "System Managed".
-
-### Support for system crash dumps
-
-Page files can be used to "back" (or support) system crash dumps and extend how much system-committed memory (also known as "virtual memory") a system can support.
-
-For more information about system crash dumps, see [system crash dump options](system-failure-recovery-options.md#under-write-debugging-information).
-
-## Page files in Windows with large physical memory
-
-When large physical memory is installed, a page file might not be required to support the system commit charge during peak usage. For example, 64-bit versions of Windows and Windows Server support more physical memory (RAM) than 32-bit versions support. The available physical memory alone might be large enough.
-
-However, the reason to configure the page file size hasn't changed. It has always been about supporting a system crash dump, if it's necessary, or extending the system commit limit, if it's necessary. For example, when a lot of physical memory is installed, a page file might not be required to back the system commit charge during peak usage. The available physical memory alone might be large enough to do this. However, a page file or a dedicated dump file might still be required to back a system crash dump.
-
-## System committed memory
-
-Page files extend how much "committed memory" (also known as "virtual memory") is used to store modified data.
-
-The system commit memory limit is the sum of physical memory and all page files combined. It represents the maximum system-committed memory (also known as the "system commit charge") that the system can support.
-
-
-
-The system commit charge is the total committed or "promised" memory of all committed virtual memory in the system. If the system commit charge reaches the system commit limit, the system and processes might not get committed memory. This condition can cause freezing, crashing, and other malfunctions. Therefore, make sure that you set the system commit limit high enough to support the system commit charge during peak usage.
-
-
-
-
-
-The system committed charge and system committed limit can be measured on the **Performance** tab in Task Manager or by using the "\Memory\Committed Bytes" and "\Memory\Commit Limit" performance counters. The **\Memory\% Committed Bytes In Use** counter is a ratio of \Memory\Committed Bytes to \Memory\Commit Limit values.
-
-> [!NOTE]
-> System-managed page files automatically grow up to three times the physical memory or 4 GB (whichever is larger, but no more than one-eighth of the volume size) when the system commit charge reaches 90 percent of the system commit limit. This assumes that enough free disk space is available to accommodate the growth.
diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md
index 022820d4e9..24fe54f2cf 100644
--- a/windows/client-management/manage-corporate-devices.md
+++ b/windows/client-management/manage-corporate-devices.md
@@ -5,7 +5,7 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
keywords: [MDM, device management]
-ms.prod: w10
+ms.prod: windows-client
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/14/2021
@@ -45,5 +45,5 @@ You can use the same management tools to manage all device types running Windows
[Windows 10 (and Windows 11) and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
-Microsoft Virtual Academy course: [Configuration Manager & Windows Intune](/learn/)
-
\ No newline at end of file
+Microsoft Virtual Academy course: [Configuration Manager & Windows Intune](/training/)
+
diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md
index 7c8c46580d..e09a71c63d 100644
--- a/windows/client-management/manage-device-installation-with-group-policy.md
+++ b/windows/client-management/manage-device-installation-with-group-policy.md
@@ -1,7 +1,7 @@
---
title: Manage Device Installation with Group Policy (Windows 10 and Windows 11)
description: Find out how to manage Device Installation Restrictions with Group Policy.
-ms.prod: w10
+ms.prod: windows-client
author: vinaypamnani-msft
ms.date: 09/14/2021
ms.reviewer:
@@ -18,8 +18,8 @@ ms.topic: article
- Windows 11
- Windows Server 2022
-
## Summary
+
By using Windows operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy.
## Introduction
@@ -60,7 +60,6 @@ It's more difficult for users to make unauthorized copies of company data if use
You can ensure that users install only those devices that your technical support team is trained and equipped to support. This benefit reduces support costs and user confusion.
-
## Scenario Overview
The scenarios presented in this guide illustrate how you can control device installation and usage on the computers that you manage. The scenarios use Group Policy on a local machine to simplify using the procedures in a lab environment. In an environment where you manage multiple client computers, you should apply these settings using Group Policy.. With Group Policy deployed by Active Directory, you can apply settings to all computers that are members of a domain or an organizational unit in a domain. For more information about how to use Group Policy to manage your client computers, see Group Policy at the Microsoft Web site.
@@ -90,7 +89,6 @@ This scenario, although similar to scenario #2, brings another layer of complexi
In this scenario, combining all previous four scenarios, you'll learn how to protect a machine from all unauthorized USB devices. The administrator wants to allow users to install only a small set of authorized USB devices while preventing any other USB device from being installed. In addition, this scenario includes an explanation of how to apply the ‘prevent’ functionality to existing USB devices that have already been installed on the machine, and the administrator likes to prevent any farther interaction with them (blocking them all together). This scenario builds on the policies and structure we introduced in the first four scenarios and therefore it's preferred to go over them first before attempting this scenario.
-
## Technology Review
The following sections provide a brief overview of the core technologies discussed in this guide and give background information that is necessary to understand the scenarios.
@@ -126,14 +124,14 @@ Hardware IDs are the identifiers that provide the exact match between a device a
Windows uses these identifiers to select a driver if the operating system can't find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are optional, and, when provided, they're generic, such as Disk. When a match is made using a compatible ID, you can typically use only the most basic functions of the device.
-When you install a device, such as a printer, a USB storage device, or a keyboard, Windows searches for driver packages that match the device you are attempting to install. During this search, Windows assigns a "rank" to each driver package it discovers with at least one match to a hardware or compatible ID. The rank indicates how well the driver matches the device. Lower rank numbers indicate better matches between the driver and the device. A rank of zero represents the best possible match. A match with the device ID to one in the driver package results in a lower (better) rank than a match to one of the other hardware IDs. Similarly, a match to a hardware ID results in a better rank than a match to any of the compatible IDs. After Windows ranks all of the driver packages, it installs the one with the lowest overall rank. For more information about the process of ranking and selecting driver packages, see How Setup Selects Drivers in the Microsoft Docs library.
+When you install a device, such as a printer, a USB storage device, or a keyboard, Windows searches for driver packages that match the device you are attempting to install. During this search, Windows assigns a "rank" to each driver package it discovers with at least one match to a hardware or compatible ID. The rank indicates how well the driver matches the device. Lower rank numbers indicate better matches between the driver and the device. A rank of zero represents the best possible match. A match with the device ID to one in the driver package results in a lower (better) rank than a match to one of the other hardware IDs. Similarly, a match to a hardware ID results in a better rank than a match to any of the compatible IDs. After Windows ranks all of the driver packages, it installs the one with the lowest overall rank. For more information about the process of ranking and selecting driver packages, see [How Windows selects a driver package for a device](/windows-hardware/drivers/install/how-windows-selects-a-driver-for-a-device).
> [!NOTE]
> For more information about the driver installation process, see the "Technology review" section of the Step-by-Step Guide to Driver Signing and Staging.
Some physical devices create one or more logical devices when they're installed. Each logical device might handle part of the functionality of the physical device. For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function.
-When you use Device Installation policies to allow or prevent the installation of a device that uses logical devices, you must allow or prevent all of the device identification strings for that device. For example, if a user attempts to install a multifunction device and you didn't allow or prevent all of the identification strings for both physical and logical devices, you could get unexpected results from the installation attempt. For more detailed information about hardware IDs, see Device Identification Strings in Microsoft Docs.
+When you use Device Installation policies to allow or prevent the installation of a device that uses logical devices, you must allow or prevent all of the device identification strings for that device. For example, if a user attempts to install a multifunction device and you didn't allow or prevent all of the identification strings for both physical and logical devices, you could get unexpected results from the installation attempt. For more detailed information about hardware IDs, see [Device identification strings](/windows-hardware/drivers/install/device-identification-strings).
#### Device setup classes
@@ -143,7 +141,7 @@ When you use device Classes to allow or prevent users from installing drivers, y
For example, a multi-function device, such as an all-in-one scanner/fax/printer, has a GUID for a generic multi-function device, a GUID for the printer function, a GUID for the scanner function, and so on. The GUIDs for the individual functions are "child nodes" under the multi-function device GUID. To install a child node, Windows must also be able to install the parent node. You must allow installation of the device setup class of the parent GUID for the multi-function device in addition to any child GUIDs for the printer and scanner functions.
-For more information, see [Device Setup Classes](/windows-hardware/drivers/install/overview-of-device-setup-classes) in Microsoft Docs.
+For more information, see [Device Setup Classes](/windows-hardware/drivers/install/overview-of-device-setup-classes).
This guide doesn't depict any scenarios that use device setup classes. However, the basic principles demonstrated with device identification strings in this guide also apply to device setup classes. After you discover the device setup class for a specific device, you can then use it in a policy to either allow or prevent installation of drivers for that class of devices.
@@ -154,14 +152,13 @@ The following two links provide the complete list of Device Setup Classes. ‘Sy
#### ‘Removable Device’ Device type
-Some devices could be classified as _Removable Device_. A device is considered _removable_ when the driver for the device to which it's connected indicates that the device is removable. For example, a USB device is reported to be removable by the drivers for the USB hub to which the device is connected.
-
+Some devices could be classified as _Removable Device_. A device is considered _removable_ when the driver for the device to which it's connected indicates that the device is removable. For example, a USB device is reported to be removable by the drivers for the USB hub to which the device is connected.
### Group Policy Settings for Device Installation
Group Policy is an infrastructure that allows you to specify managed configurations for users and computers through Group Policy settings and Group Policy Preferences.
-Device Installation section in Group Policy is a set of policies that control which device could or couldn't be installed on a machine. Whether you want to apply the settings to a stand-alone computer or to many computers in an Active Directory domain, you use the Group Policy Object Editor to configure and apply the policy settings. For more information, see Group Policy Object Editor Technical Reference.
+Device Installation section in Group Policy is a set of policies that control which device could or couldn't be installed on a machine. Whether you want to apply the settings to a stand-alone computer or to many computers in an Active Directory domain, you use the Group Policy Object Editor to configure and apply the policy settings. For more information, see [Group Policy Object Editor](/previous-versions/windows/desktop/Policy/group-policy-object-editor).
The following passages are brief descriptions of the Device Installation policies that are used in this guide.
@@ -210,12 +207,9 @@ This policy setting will change the evaluation order in which Allow and Prevent
> If you disable or don't configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device.
Some of these policies take precedence over other policies. The flowchart shown below illustrates how Windows processes them to determine whether a user can install a device or not, as shown in Figure below.
-
+
 _Device Installation policies flow chart_
-
-
-
## Requirements for completing the scenarios
### General
@@ -259,7 +253,7 @@ To find device identification strings using Device Manager
3. Device Manager starts and displays a tree representing all of the devices detected on your computer. At the top of the tree is a node with your computers name next to it. Lower nodes represent the various categories of hardware into which your computers devices are grouped.
4. Find the “Printers” section and find the target printer
-
+
 _Selecting the printer in Device Manager_
5. Double-click the printer and move to the ‘Details’ tab.
@@ -273,7 +267,7 @@ To find device identification strings using Device Manager
 _HWID and Compatible ID_
> [!TIP]
- > You can also determine your device identification strings by using the PnPUtil command-line utility. For more information, see [PnPUtil - Windows drivers](/windows-hardware/drivers/devtest/pnputil) in Microsoft Docs.
+ > You can also determine your device identification strings by using the PnPUtil command-line utility. For more information, see [PnPUtil - Windows drivers](/windows-hardware/drivers/devtest/pnputil).
### Getting device identifiers using PnPUtil
@@ -316,7 +310,7 @@ Setting up the environment for the scenario with the following steps:
1. Open Group Policy Editor and navigate to the Device Installation Restriction section.
-2. Disable all previous Device Installation policies, except ‘Apply layered order of evaluation’—although the policy is disabled in default, this policy is recommended to be enabled in most practical applications.
+2. Disable all previous Device Installation policies, except ‘Apply layered order of evaluation’—although the policy is disabled in default, this policy is recommended to be enabled in most practical applications.
3. If there are any enabled policies, changing their status to ‘disabled’, would clear them from all parameters
@@ -333,7 +327,7 @@ Getting the right device identifier to prevent it from being installed:
- [System-Defined Device Setup Classes Available to Vendors - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors)
- [System-Defined Device Setup Classes Reserved for System Use - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-reserved-for-system-use)
-3. Our current scenario is focused on preventing all printers from being installed, as such here's the Class GUID for most of printers in the market:
+3. Our current scenario is focused on preventing all printers from being installed, as such here's the Class GUID for most of printers in the market:
> Printers\
> Class = Printer\
@@ -347,7 +341,7 @@ Creating the policy to prevent all printers from being installed:
1. Open Group Policy Object Editor—either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search “Group Policy Editor” and open the UI.
-2. Navigate to the Device Installation Restriction page:
+2. Navigate to the Device Installation Restriction page:
> Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions
@@ -625,12 +619,12 @@ These devices are internal devices on the machine that define the USB port conne
> [!IMPORTANT]
> Some device in the system have several layers of connectivity to define their installation on the system. USB thumb-drives are such devices. Thus, when looking to either block or allow them on a system, it's important to understand the path of connectivity for each device. There are several generic Device IDs that are commonly used in systems and could provide a good start to build an ‘Allow list’ in such cases. See below for the list:
->
-> PCI\CC_0C03; PCI\CC_0C0330; PCI\VEN_8086; PNP0CA1; PNP0CA1&HOST (for Host Controllers)/
+>
+> PCI\CC_0C03; PCI\CC_0C0330; PCI\VEN_8086; PNP0CA1; PNP0CA1&HOST (for Host Controllers)/
> USB\ROOT_HUB30; USB\ROOT_HUB20 (for USB Root Hubs)/
> USB\USB20_HUB (for Generic USB Hubs)/
->
-> Specifically for desktop machines, it's very important to list all the USB devices that your keyboards and mice are connected through in the above list. Failing to do so could block a user from accessing its machine through HID devices.
+>
+> Specifically for desktop machines, it's very important to list all the USB devices that your keyboards and mice are connected through in the above list. Failing to do so could block a user from accessing its machine through HID devices.
>
> Different PC manufacturers sometimes have different ways to nest USB devices in the PnP tree, but in general this is how it's done.
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index d78eac22f8..285c3b9a28 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -1,7 +1,7 @@
---
title: Manage the Settings app with Group Policy (Windows 10 and Windows 11)
description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users.
-ms.prod: w10
+ms.prod: windows-client
author: vinaypamnani-msft
ms.date: 09/14/2021
ms.reviewer:
diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
index 367392eba4..0dd98cccd4 100644
--- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
+++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
@@ -1,7 +1,7 @@
---
title: Manage Windows 10 in your organization - transitioning to modern management
description: This article offers strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment.
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
ms.date: 06/03/2022
author: vinaypamnani-msft
@@ -133,4 +133,4 @@ There are various steps you can take to begin the process of modernizing device
- [What is Intune?](/mem/intune/fundamentals/what-is-intune)
- [Windows 10 policy CSP](./mdm/policy-configuration-service-provider.md)
-- [Windows 10 configuration service providers](./mdm/configuration-service-provider-reference.md)
+- [Windows 10 configuration service providers](./mdm/index.yml)
diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/management-tool-for-windows-store-for-business.md
similarity index 99%
rename from windows/client-management/mdm/management-tool-for-windows-store-for-business.md
rename to windows/client-management/management-tool-for-windows-store-for-business.md
index e67b40bb24..b970a8175f 100644
--- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
+++ b/windows/client-management/management-tool-for-windows-store-for-business.md
@@ -8,8 +8,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 10/27/2017
---
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index cbf11a9442..ec6b743d91 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -1,7 +1,7 @@
---
title: Create mandatory user profiles (Windows 10 and Windows 11)
description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users.
-ms.prod: w10
+ms.prod: windows-client
author: vinaypamnani-msft
ms.author: vinpa
ms.date: 09/14/2021
diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm-enrollment-of-windows-devices.md
similarity index 100%
rename from windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
rename to windows/client-management/mdm-enrollment-of-windows-devices.md
diff --git a/windows/client-management/mdm/mdm-overview.md b/windows/client-management/mdm-overview.md
similarity index 95%
rename from windows/client-management/mdm/mdm-overview.md
rename to windows/client-management/mdm-overview.md
index d0e376cd1f..bde99823e0 100644
--- a/windows/client-management/mdm/mdm-overview.md
+++ b/windows/client-management/mdm-overview.md
@@ -58,7 +58,6 @@ For information about the MDM policies defined in the Intune security baseline,
- [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md)
- [Enterprise app management](enterprise-app-management.md)
- [Mobile device management (MDM) for device updates](device-update-management.md)
-- [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md)
- [OMA DM protocol support](oma-dm-protocol-support.md)
- [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md)
- [Server requirements for OMA DM](server-requirements-windows-mdm.md)
@@ -66,7 +65,7 @@ For information about the MDM policies defined in the Intune security baseline,
## Learn about configuration service providers
-- [Configuration service provider reference](configuration-service-provider-reference.md)
- [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md)
- [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md)
- [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal)
+- [Configuration service provider reference](mdm/index.yml)
diff --git a/windows/client-management/mdm/Language-pack-management-csp.md b/windows/client-management/mdm/Language-pack-management-csp.md
index 948207dc6d..f50369aa36 100644
--- a/windows/client-management/mdm/Language-pack-management-csp.md
+++ b/windows/client-management/mdm/Language-pack-management-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/22/2021
---
@@ -18,13 +18,13 @@ The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
-|Pro|No|Yes|
-|Windows SE|No|Yes|
+|Pro|Yes|Yes|
+|Windows SE|Yes|Yes|
|Business|No|No|
-|Enterprise|No|Yes|
-|Education|No|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
-The Language Pack Management CSP allows a direct way to provision languages remotely in Windows. MDMs like Intune can use management commands remotely to devices to configure language-related settings for System and new users.
+The Language Pack Management CSP allows a way to easily add languages and related language features and manage settings like System Preferred UI Language, System Locale, Input method (Keyboard), Locale, Speech Recognizer, User Preferred Language List. This CSP can be accessed using the new [LanguagePackManagement](/powershell/module/languagepackmanagement) PowerShell module.
1. Enumerate installed languages and features with GET command on the "InstalledLanguages" node. Below are the samples:
@@ -95,4 +95,4 @@ The Language Pack Management CSP allows a direct way to provision languages remo
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md
index 03a75d8a7a..c79bf9d6b9 100644
--- a/windows/client-management/mdm/accountmanagement-csp.md
+++ b/windows/client-management/mdm/accountmanagement-csp.md
@@ -3,15 +3,15 @@ title: AccountManagement CSP
description: Learn about the AccountManagement CSP, which is used to configure settings in the Account Manager service.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 03/23/2018
ms.reviewer:
manager: aaroncz
---
-# AccountManagement CSP
+# AccountManagement CSP
AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803.
@@ -31,23 +31,23 @@ AccountManagement
--------ProfileInactivityThreshold
```
-**./Vendor/MSFT/AccountManagement**
+**./Vendor/MSFT/AccountManagement**
Root node for the AccountManagement configuration service provider.
-**UserProfileManagement**
-Interior node.
+**UserProfileManagement**
+Interior node.
-**UserProfileManagement/EnableProfileManager**
+**UserProfileManagement/EnableProfileManager**
Enable profile lifetime management for shared or communal device scenarios. Default value is false.
Supported operations are Add, Get, Replace, and Delete.
Value type is bool.
-**UserProfileManagement/DeletionPolicy**
+**UserProfileManagement/DeletionPolicy**
Configures when profiles will be deleted. Default value is 1.
-Valid values:
+Valid values:
- 0 - delete immediately when the device returns to a state with no currently active users
- 1 - delete at storage capacity threshold
@@ -57,25 +57,25 @@ Supported operations are Add, Get, Replace, and Delete.
Value type is integer.
-**UserProfileManagement/StorageCapacityStartDeletion**
+**UserProfileManagement/StorageCapacityStartDeletion**
Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. Default value is 25.
-Supported operations are Add, Get, Replace, and Delete.
+Supported operations are Add, Get, Replace, and Delete.
Value type is integer.
-**UserProfileManagement/StorageCapacityStopDeletion**
+**UserProfileManagement/StorageCapacityStopDeletion**
Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. Default value is 50.
Supported operations are Add, Get, Replace, and Delete.
Value type is integer.
-**UserProfileManagement/ProfileInactivityThreshold**
+**UserProfileManagement/ProfileInactivityThreshold**
Start deleting profiles when they haven't been logged on during the specified period, given as number of days. Default value is 30.
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md
index d425503b6a..f621db9654 100644
--- a/windows/client-management/mdm/accountmanagement-ddf.md
+++ b/windows/client-management/mdm/accountmanagement-ddf.md
@@ -3,15 +3,15 @@ title: AccountManagement DDF file
description: View the OMA DM device description framework (DDF) for the AccountManagement configuration service provider. This file is used to configure settings.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 03/23/2018
ms.reviewer:
manager: aaroncz
---
-# AccountManagement DDF file
+# AccountManagement DDF file
This topic shows the OMA DM device description framework (DDF) for the **AccountManagement** configuration service provider.
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
index d447311a4e..49a866ecb5 100644
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -3,8 +3,8 @@ title: Accounts CSP
description: The Accounts configuration service provider (CSP) is used by the enterprise to rename devices, and create local Windows accounts & join them to a group.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 03/27/2020
ms.reviewer:
@@ -39,44 +39,47 @@ Accounts
------------LocalUserGroup
```
-**./Device/Vendor/MSFT/Accounts**
+**./Device/Vendor/MSFT/Accounts**
Root node.
-**Domain**
+**Domain**
Interior node for the account domain information.
-**Domain/ComputerName**
+**Domain/ComputerName**
This node specifies the DNS hostname for a device. This setting can be managed remotely, but this remote management isn't supported for devices hybrid joined to Azure Active Directory and an on-premises Active directory. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 15 characters.
Available naming macros:
|Macro|Description|Example|Generated Name|
|:---|:---|:---|:---|
-|%RAND:<# of digits>|Generates the specified number of random digits.|Test%RAND:6%|Test123456|
-|%SERIAL%|Generates the serial number derived from the device. If the serial number causes the new name to exceed the 15 character limit, the serial number will be truncated from the beginning of the sequence.|Test-Device-%SERIAL%|Test-Device-456|
+|`%RAND:#%`|Generates the specified number (`#`) of random digits.|`Test%RAND:6%`|`Test123456`|
+|`%SERIAL%`|Generates the serial number derived from the device. If the serial number causes the new name to exceed the 15 character limit, the serial number will be truncated from the beginning of the sequence.|`Test-Device-%SERIAL%`|`Test-Device-456`|
+
+> [!NOTE]
+> If you use these naming macros, a unique name isn't guaranteed. The generated name may still be duplicated. To reduce the likelihood of a duplicated device name, use `%RAND:#%` with a large number. With the understanding that the maximum device name is 15 characters.
Supported operation is Add.
> [!Note]
> For desktop PCs on Windows 10, version 2004 or later, use the **Ext/Microsoft/DNSComputerName** node in [DevDetail CSP](devdetail-csp.md).
-**Users**
+**Users**
Interior node for the user account information.
-**Users/_UserName_**
+**Users/_UserName_**
This node specifies the username for a new local user account. This setting can be managed remotely.
-**Users/_UserName_/Password**
+**Users/_UserName_/Password**
This node specifies the password for a new local user account. This setting can be managed remotely.
Supported operation is Add.
GET operation isn't supported. This setting will report as failed when deployed from the Endpoint Manager.
-**Users/_UserName_/LocalUserGroup**
+**Users/_UserName_/LocalUserGroup**
This optional node specifies the local user group that a local user account should be joined to. If the node isn't set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely.
Supported operation is Add.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md
index b2bffb3a42..afd14959c5 100644
--- a/windows/client-management/mdm/accounts-ddf-file.md
+++ b/windows/client-management/mdm/accounts-ddf-file.md
@@ -3,8 +3,8 @@ title: Accounts DDF file
description: View the XML file containing the device description framework (DDF) for the Accounts configuration service provider.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 04/17/2018
ms.reviewer:
@@ -42,7 +42,7 @@ The XML below is for Windows 10, version 1803 and later.
- com.microsoft/1.0/MDM/Accounts
+ com.microsoft/1.0/MDM/Accounts
diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md
index d174729230..5fe3530eca 100644
--- a/windows/client-management/mdm/activesync-csp.md
+++ b/windows/client-management/mdm/activesync-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -69,7 +69,7 @@ ActiveSync
```
-**./User/Vendor/MSFT/ActiveSync**
+**./User/Vendor/MSFT/ActiveSync**
The root node for the ActiveSync configuration service provider.
> [!NOTE]
@@ -81,12 +81,12 @@ The `./Vendor/MSFT/ActiveSync` path is deprecated, but will continue to work in
The supported operation is Get.
-**Accounts**
+**Accounts**
The root node for all ActiveSync accounts.
The supported operation is Get.
-***Account GUID***
+***Account GUID***
Defines a specific ActiveSync account. A globally unique identifier (GUID) must be generated for each ActiveSync account on the device.
Supported operations are Get, Add, and Delete.
@@ -109,63 +109,63 @@ For OMA DM, you must use the ASCII values of %7B and %7D for the opening and clo
```
-***Account GUID*/EmailAddress**
+***Account GUID*/EmailAddress**
Required. A character string that specifies the email address associated with the Exchange ActiveSync account.
Supported operations are Get, Replace, and Add (can't Add after the account is created).
This email address is entered by the user during setup and must be in the fully qualified email address format, for example, "someone@example.com".
-***Account GUID*/Domain**
+***Account GUID*/Domain**
Optional for Exchange. Specifies the domain name of the Exchange server.
Supported operations are Get, Replace, Add, and Delete.
-***Account GUID*/AccountIcon**
+***Account GUID*/AccountIcon**
Required. A character string that specifies the location of the icon associated with the account.
Supported operations are Get, Replace, and Add (can't Add after the account is created).
The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings > email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added if desired.
-***Account GUID*/AccountType**
+***Account GUID*/AccountType**
Required. A character string that specifies the account type.
Supported operations are Get and Add (can't Add after the account is created).
This value is entered during setup and can't be modified once entered. An Exchange account is indicated by the string value "Exchange".
-***Account GUID*/AccountName**
+***Account GUID*/AccountName**
Required. A character string that specifies the name that refers to the account on the device.
Supported operations are Get, Replace, and Add (can't Add after the account is created).
-***Account GUID*/Password**
+***Account GUID*/Password**
Required. A character string that specifies the password for the account.
Supported operations are Get, Replace, Add, and Delete.
For the Get command, only asterisks are returned.
-***Account GUID*/ServerName**
+***Account GUID*/ServerName**
Required. A character string that specifies the server name used by the account.
Supported operations are Get, Replace, and Add (can't Add after the account is created).
-***Account GUID*/UserName**
+***Account GUID*/UserName**
Required. A character string that specifies the user name for the account.
Supported operations are Get, and Add (can't Add after the account is created).
The user name can't be changed after a sync has been successfully performed. The user name can be in the fully qualified format "someone@example.com", or just "username", depending on the type of account created. For most Exchange accounts, the user name format is just "username", whereas for Microsoft, Google, Yahoo, and most POP/IMAP accounts, the user name format is "someone@example.com".
-**Options**
+**Options**
Node for other parameters.
-**Options/CalendarAgeFilter**
+**Options/CalendarAgeFilter**
Specifies the time window used for syncing calendar items to the device. Value type is chr.
-**Options/Logging**
+**Options/Logging**
Required. A character string that specifies whether diagnostic logging is enabled and at what level. The default is 0 (disabled).
Supported operations are Get, Replace, and Add (can't Add after the account is created).
@@ -180,7 +180,7 @@ Valid values are any of the following values:
Logging is set to off by default. The user might be asked to set this logging to Basic or Advanced when having a sync issue that customer support is investigating. Setting the logging level to Advanced has more of a performance impact than Basic.
-**Options/MailBodyType**
+**Options/MailBodyType**
Indicates the email format. Valid values:
- 0 - none
@@ -189,13 +189,13 @@ Indicates the email format. Valid values:
- 3 - RTF
- 4 - MIME
-**Options/MailHTMLTruncation**
+**Options/MailHTMLTruncation**
Specifies the size beyond which HTML-formatted email messages are truncated when they're synchronized to the mobile device. The value is specified in KB. A value of -1 disables truncation.
-**Options/MailPlainTextTruncation**
+**Options/MailPlainTextTruncation**
This setting specifies the size beyond which text-formatted e-mail messages are truncated when they're synchronized to the mobile phone. The value is specified in KB. A value of -1 disables truncation.
-**Options/UseSSL**
+**Options/UseSSL**
Optional. A character string that specifies whether SSL is used.
Supported operations are Get, Replace, and Add (can't Add after the account is created).
@@ -206,7 +206,7 @@ Valid values are:
- 1 (default) - SSL is used.
-**Options/Schedule**
+**Options/Schedule**
Required. A character string that specifies the time until the next sync is performed, in minutes. The default value is -1.
Supported operations are Get and Replace.
@@ -223,7 +223,7 @@ Valid values are any of the following values:
- 60 - Sync every 60 minutes
-**Options/MailAgeFilter**
+**Options/MailAgeFilter**
Required. A character string that specifies the time window used for syncing email items to the device. The default value is 3.
Supported operations are Get and Replace.
@@ -240,7 +240,7 @@ Valid values are any of the following values:
- 5 – Email up to a month old is synced to the device.
-**Options/ContentTypes/***Content Type GUID*
+**Options/ContentTypes/***Content Type GUID*
Defines the type of content to be individually enabled/disabled for sync.
The *GUID* values allowed are any of the following values:
@@ -253,7 +253,7 @@ The *GUID* values allowed are any of the following values:
- Tasks: "{783ae4f6-4c12-4423-8270-66361260d4f1}"
-**Options/ContentTypes/*Content Type GUID*/Enabled**
+**Options/ContentTypes/*Content Type GUID*/Enabled**
Required. A character string that specifies whether sync is enabled or disabled for the selected content type. The default is "1" (enabled).
Supported operations are Get, Replace, and Add (can't Add after the account is created).
@@ -263,7 +263,7 @@ Valid values are any of the following values:
- 0 - Sync for email, contacts, calendar, or tasks are disabled.
- 1 (default) - Sync is enabled.
-**Options/ContentTypes/*Content Type GUID*/Name**
+**Options/ContentTypes/*Content Type GUID*/Name**
Required. A character string that specifies the name of the content type.
> [!NOTE]
@@ -273,28 +273,28 @@ Supported operations are Get, Replace, and Add (can't Add after the account is c
When you use Add or Replace inside an atomic block in the SyncML, the CSP returns an error and provisioning fails. When you use Add or Replace outside of the atomic block, the error is ignored and the account is provisioned as expected.
-**Policies**
+**Policies**
Node for mail body type and email age filter.
-**Policies/MailBodyType**
+**Policies/MailBodyType**
Required. Specifies the email body type: HTML or plain.
Value type is string.
Supported operations are Add, Get, Replace, and Delete.
-**Policies/MaxMailAgeFilter**
+**Policies/MaxMailAgeFilter**
Required. Specifies the time window used for syncing mail items to the device.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
+[Configuration service provider reference](index.yml)
+
+
+
+
diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md
index 323fc038e9..0bf7e5329b 100644
--- a/windows/client-management/mdm/activesync-ddf-file.md
+++ b/windows/client-management/mdm/activesync-ddf-file.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **ActiveSync** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md
index e8aab159fb..d123dc8037 100644
--- a/windows/client-management/mdm/alljoynmanagement-csp.md
+++ b/windows/client-management/mdm/alljoynmanagement-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -164,9 +164,9 @@ Get the firewall PrivateProfile
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
+[Configuration service provider reference](index.yml)
+
+
diff --git a/windows/client-management/mdm/alljoynmanagement-ddf.md b/windows/client-management/mdm/alljoynmanagement-ddf.md
index edc188feac..f5a886a028 100644
--- a/windows/client-management/mdm/alljoynmanagement-ddf.md
+++ b/windows/client-management/mdm/alljoynmanagement-ddf.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **AllJoynManagement** configuration service provider. This CSP was added in Windows 10, version 1511.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
```xml
@@ -93,7 +93,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
- The set of Ports that this AllJoyn Object uses to communicate configuration settings through.
+ The set of Ports that this AllJoyn Object uses to communicate configuration settings through.
Typically, only one port is used for communication, but it is possible that additional ports may be specified.
@@ -186,7 +186,7 @@ For example an AllJoyn Bridge with the Microsoft specific AllJoyn Configuration
- This is the Credential Store. An Administrator can set credentials for each AllJoyn device that requires authentication at this node.
+ This is the Credential Store. An Administrator can set credentials for each AllJoyn device that requires authentication at this node.
If a SYNCML request arrives in the CSP to replace or query a configuration item on an AllJoyn Object that requires authentication, then the CSP will use the Credentials stored here during the authentication phase.
diff --git a/windows/client-management/mdm/application-csp.md b/windows/client-management/mdm/application-csp.md
index 466550a3e5..03d9b18055 100644
--- a/windows/client-management/mdm/application-csp.md
+++ b/windows/client-management/mdm/application-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -40,5 +40,5 @@ For the device to decode correctly, provisioning XML that contains the APPLICATI
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
index 62648efd94..749f34bf9b 100644
--- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md
+++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
@@ -3,8 +3,8 @@ title: ApplicationControl CSP DDF
description: View the OMA DM device description framework (DDF) for the ApplicationControl configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 07/10/2019
---
@@ -13,7 +13,7 @@ ms.date: 07/10/2019
This topic shows the OMA DM device description framework (DDF) for the **ApplicationControl** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
```xml
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md
index e587cf8a3c..454ca55f69 100644
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@@ -3,8 +3,8 @@ title: ApplicationControl CSP
description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from an MDM server.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.reviewer: jsuther1974
ms.date: 09/10/2020
@@ -55,22 +55,22 @@ ApplicationControl
----DeviceID
```
-**./Vendor/MSFT/ApplicationControl**
+**./Vendor/MSFT/ApplicationControl**
Defines the root node for the ApplicationControl CSP.
Scope is permanent. Supported operation is Get.
-**ApplicationControl/Policies**
+**ApplicationControl/Policies**
An interior node that contains all the policies, each identified by their globally unique identifier (GUID).
Scope is permanent. Supported operation is Get.
-**ApplicationControl/Policies/_Policy GUID_**
+**ApplicationControl/Policies/_Policy GUID_**
The ApplicationControl CSP enforces that the "ID" segment of a given policy URI is the same GUID as the policy ID in the policy blob. Each *Policy GUID* node contains a Policy node and a corresponding PolicyInfo node.
Scope is dynamic. Supported operation is Get.
-**ApplicationControl/Policies/_Policy GUID_/Policy**
+**ApplicationControl/Policies/_Policy GUID_/Policy**
This node is the policy binary itself, which is encoded as base64.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
@@ -79,19 +79,19 @@ Value type is b64. Supported value is a binary file, converted from the policy X
Default value is empty.
-**ApplicationControl/Policies/_Policy GUID_/PolicyInfo**
+**ApplicationControl/Policies/_Policy GUID_/PolicyInfo**
An interior node that contains the nodes that describe the policy indicated by the GUID.
Scope is dynamic. Supported operation is Get.
-**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version**
+**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version**
This node provides the version of the policy indicated by the GUID. Stored as a string, but when parsing uses a uint64 as the containing data type.
Scope is dynamic. Supported operation is Get.
Value type is char.
-**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective**
+**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective**
This node specifies whether a policy is loaded by the enforcement engine and is in effect on a system.
Scope is dynamic. Supported operation is Get.
@@ -101,7 +101,7 @@ Value type is bool. Supported values are as follows:
- True—Indicates that the policy is loaded by the enforcement engine and is in effect on a system.
- False—Indicates that the policy isn't loaded by the enforcement engine and isn't in effect on a system. This value is the default value.
-**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed**
+**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed**
This node specifies whether a policy is deployed on the system and is present on the physical machine.
Scope is dynamic. Supported operation is Get.
@@ -111,7 +111,7 @@ Value type is bool. Supported values are as follows:
- True—Indicates that the policy is deployed on the system and is present on the physical machine.
- False—Indicates that the policy isn't deployed on the system and isn't present on the physical machine. This value is the default value.
-**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized**
+**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized**
This node specifies whether the policy is authorized to be loaded by the enforcement engine on the system. If not authorized, a policy can't take effect on the system.
Scope is dynamic. Supported operation is Get.
@@ -136,21 +136,21 @@ The following table provides the result of this policy based on different values
\* denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the `END_COMMAND_PROCESSING` will result in a fail.
-**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status**
+**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status**
This node specifies whether the deployment of the policy indicated by the GUID was successful.
Scope is dynamic. Supported operation is Get.
Value type is integer. Default value is 0 = OK.
-**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName**
+**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName**
This node provides the friendly name of the policy indicated by the policy GUID.
Scope is dynamic. Supported operation is Get.
Value type is char.
-## Microsoft Endpoint Manager Intune Usage Guidance
+## Microsoft Endpoint Manager Intune Usage Guidance
For customers using Intune standalone or hybrid management with Microsoft Endpoint Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune).
@@ -301,7 +301,7 @@ An example of Delete command is:
## PowerShell and WMI Bridge Usage Guidance
-The ApplicationControl CSP can also be managed locally from PowerShell or via Configuration Manager's task sequence scripting by using the [WMI Bridge Provider](./using-powershell-scripting-with-the-wmi-bridge-provider.md).
+The ApplicationControl CSP can also be managed locally from PowerShell or via Configuration Manager's task sequence scripting by using the [WMI Bridge Provider](../using-powershell-scripting-with-the-wmi-bridge-provider.md).
### Setup for using the WMI Bridge
@@ -331,4 +331,4 @@ Get-CimInstance -Namespace $namespace -ClassName $policyClassName
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](index.yml)
\ No newline at end of file
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index abccc814e8..a21b6f8223 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/19/2019
---
@@ -75,10 +75,10 @@ AppLocker
----------------Policy
----------------EnforcementMode
```
-**./Vendor/MSFT/AppLocker**
+**./Vendor/MSFT/AppLocker**
Defines the root node for the AppLocker configuration service provider.
-**AppLocker/ApplicationLaunchRestrictions**
+**AppLocker/ApplicationLaunchRestrictions**
Defines restrictions for applications.
> [!NOTE]
@@ -89,123 +89,123 @@ Defines restrictions for applications.
> [!NOTE]
> The AppLocker CSP will schedule a reboot when a policy is applied or when a deletion occurs using the AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy URI.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_**
Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it's to determine what their purpose is, and to not conflict with other identifiers that they define.
Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE**
Defines restrictions for launching executable applications.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/Policy**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/Policy**
Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
Data type is string.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/EnforcementMode**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/EnforcementMode**
The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
The data type is a string.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/NonInteractiveProcessEnforcement**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/EXE/NonInteractiveProcessEnforcement**
The data type is a string.
Supported operations are Add, Delete, Get, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI**
Defines restrictions for executing Windows Installer files.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/Policy**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/Policy**
Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
-Data type is string.
+Data type is string.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/EnforcementMode**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/MSI/EnforcementMode**
The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
-The data type is a string.
+The data type is a string.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script**
Defines restrictions for running scripts.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/Policy**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/Policy**
Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
-Data type is string.
+Data type is string.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/EnforcementMode**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/Script/EnforcementMode**
The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
The data type is a string.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps**
Defines restrictions for running apps from the Microsoft Store.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/Policy**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/Policy**
Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
Data type is string.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/EnforcementMode**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/StoreApps/EnforcementMode**
The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
The data type is a string.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL**
Defines restrictions for processing DLL files.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/Policy**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/Policy**
Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
Data type is string.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/EnforcementMode**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/EnforcementMode**
The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) doesn't affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
The data type is a string.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/NonInteractiveProcessEnforcement**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/DLL/NonInteractiveProcessEnforcement**
The data type is a string.
Supported operations are Add, Delete, Get, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity**
-This node is only supported on the desktop.
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity**
+This node is only supported on the desktop.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy**
+**AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy**
Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
Data type is Base64.
@@ -215,7 +215,7 @@ Supported operations are Get, Add, Delete, and Replace.
> [!NOTE]
> To use Code Integrity Policy, you first need to convert the policies to binary format using the `ConvertFrom-CIPolicy` cmdlet. Then a Base64-encoded blob of the binary policy representation should be created (for example, using the [certutil -encode](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)) command line tool) and added to the Applocker-CSP.
-**AppLocker/EnterpriseDataProtection**
+**AppLocker/EnterpriseDataProtection**
Captures the list of apps that are allowed to handle enterprise data. Should be used with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md).
In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. Exempt applications can also access enterprise data, but the data handled by those applications aren't protected. This is because some critical enterprise applications may have compatibility problems with encrypted data.
@@ -239,30 +239,30 @@ Additional information:
- [Recommended blocklist for Windows Information Protection](#recommended-blocklist-for-windows-information-protection) - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. This prevention ensures an administrator doesn't accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.
-**AppLocker/EnterpriseDataProtection/_Grouping_**
+**AppLocker/EnterpriseDataProtection/_Grouping_**
Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it's to determine what their purpose is, and to not conflict with other identifiers that they define.
Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/EnterpriseDataProtection/_Grouping_/EXE**
+**AppLocker/EnterpriseDataProtection/_Grouping_/EXE**
Defines restrictions for launching executable applications.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/EnterpriseDataProtection/_Grouping_/EXE/Policy**
+**AppLocker/EnterpriseDataProtection/_Grouping_/EXE/Policy**
Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
-Data type is string.
+Data type is string.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps**
+**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps**
Defines restrictions for running apps from the Microsoft Store.
Supported operations are Get, Add, Delete, and Replace.
-**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps/Policy**
+**AppLocker/EnterpriseDataProtection/_Grouping_/StoreApps/Policy**
Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
Data type is string.
@@ -1350,7 +1350,7 @@ In this example, Contoso is the node name. We recommend using a GUID for this no
-
+
@@ -1467,4 +1467,4 @@ In this example, Contoso is the node name. We recommend using a GUID for this no
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md
index 30adaa5b15..d0e4446e1c 100644
--- a/windows/client-management/mdm/applocker-ddf-file.md
+++ b/windows/client-management/mdm/applocker-ddf-file.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **AppLocker** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
```xml
diff --git a/windows/client-management/mdm/applocker-xsd.md b/windows/client-management/mdm/applocker-xsd.md
index 4c9943e332..9daa087800 100644
--- a/windows/client-management/mdm/applocker-xsd.md
+++ b/windows/client-management/mdm/applocker-xsd.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -16,1267 +16,1267 @@ ms.date: 06/26/2017
Here's the XSD for the AppLocker CSP.
```xml
-
+
-
+ version="1.0">
-
-
-
+
-
+
-
- type="PolicyType">
+
+ type="PolicyType">
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
-
-
+
-
+
-
+
-
- type="RuleCollectionType"
+
- minOccurs="0"
+
+ type="RuleCollectionType"
-
+ minOccurs="0"
-
- type="PolicyExtensionsType"
+
- minOccurs="0"
+
+ type="PolicyExtensionsType"
-
+ minOccurs="0"
-
+ maxOccurs="1">
-
- type="PolicyVersionType"
+
- use="required"/>
+
+ type="PolicyVersionType"
-
+ use="required"/>
-
+
-
-
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
-
-
+
-
- maxOccurs="unbounded">
+
-
- type="FilePublisherRuleType"
+
- minOccurs="0"
+
+ maxOccurs="unbounded">
-
+
- maxOccurs="unbounded">
+
-
+
- maxOccurs="unbounded">
+
-
+
+ type="FileHashRuleType"
-
- minOccurs="0"
+
- maxOccurs="1">
+
-
+
+ type="RuleCollectionExtensionsType"
-
- use="required"/>
+
-
- type="EnforcementModeType"
+
+ type="xs:string"
-
+ use="required"/>
-
+
+ type="EnforcementModeType"
-
+ use="optional"/>
-
+
-
-
-
- type="ThresholdPolicyExtensionsType"
+
- minOccurs="1"
+
- maxOccurs="1" />
+
-
- minOccurs="0"
+
+ type="ThresholdPolicyExtensionsType"
-
+ minOccurs="1"
-
+ maxOccurs="1" />
-
+
+ minOccurs="0"
-
+ maxOccurs="unbounded" />
-
+
-
+
-
-
- minOccurs="1"
+
- maxOccurs="1">
+
-
+
-
+
-
+
-
+
-
+
-
+
+ minOccurs="0"
-
+ maxOccurs="unbounded" />
-
+
-
+
-
-
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
- type="FilePublisherRuleConditionsType"
- minOccurs="1"
- maxOccurs="1" />
+
-
- type="FilePublisherRuleExceptionsType"
+
- minOccurs="0"
+
- maxOccurs="1" />
+
-
+
+ type="FilePublisherRuleConditionsType"
-
+ minOccurs="1"
-
+ maxOccurs="1" />
-
+
+ type="FilePublisherRuleExceptionsType"
-
+ minOccurs="0"
-
+ maxOccurs="1" />
-
+
-
- type="FilePathRuleConditionsType"
+
- minOccurs="1"
- maxOccurs="1" />
-
- type="FilePathRuleExceptionsType"
+
- minOccurs="0"
+
- maxOccurs="1" />
+
-
+
-
+
+ type="FilePathRuleConditionsType"
-
+ minOccurs="1"
-
+ maxOccurs="1" />
-
+
+ type="FilePathRuleExceptionsType"
-
+ minOccurs="0"
-
+ maxOccurs="1" />
-
- type="FileHashRuleConditionsType"
+
- minOccurs="1"
+
- maxOccurs="1" />
-
-
+
-
+
-
+
-
+
-
+
-
+
+ type="FileHashRuleConditionsType"
-
+ minOccurs="1"
-
- type="FilePublisherConditionType"
+
- minOccurs="1"
+
- maxOccurs="1"/>
+
-
-
-
+
-
+
-
+
-
+
-
+
-
+
+ minOccurs="1"
-
- type="FilePublisherConditionType"
+
- minOccurs="0"
+
- maxOccurs="unbounded"/>
-
- minOccurs="0"
+
- maxOccurs="unbounded"/>
+
-
- type="FileHashConditionType"
+
- minOccurs="0"
+
+ maxOccurs="unbounded">
-
+
+ type="FilePublisherConditionType"
-
+ minOccurs="0"
-
+ maxOccurs="unbounded"/>
-
+
+ type="FilePathConditionType"
-
+ minOccurs="0"
-
+ maxOccurs="unbounded"/>
-
+
- maxOccurs="1"/>
+
-
+
-
+
-
-
-
+
-
+
-
+
-
+
-
- maxOccurs="unbounded">
+
- maxOccurs="unbounded"/>
+
-
- type="FilePublisherConditionType"
- minOccurs="0"
- maxOccurs="unbounded"/>
+
-
- type="FileHashConditionType"
+
- minOccurs="0"
+
- maxOccurs="unbounded"/>
+
-
+
+ maxOccurs="unbounded">
-
+
+ minOccurs="0"
-
+ maxOccurs="unbounded"/>
-
+
+ type="FilePublisherConditionType"
-
+ minOccurs="0"
-
- type="FileHashConditionType"
+
+ minOccurs="0"
-
+ maxOccurs="unbounded"/>
-
+
-
+
-
+
-
-
-
+
-
- type="GuidType"
+
- use="required"/>
+
-
- type="RuleNameType"
+
+ type="FileHashConditionType"
-
- use="required"/>
+
-
- type="SidType"
- use="required"/>
-
- type="RuleActionType"
+
- use="required"/>
+
-
+
-
+
+ type="GuidType"
-
+ use="required"/>
-
+
+ type="RuleNameType"
-
+ use="required"/>
-
+
+ type="RuleDescriptionType"
-
+ use="required"/>
-
+
+ use="required"/>
-
+
+ type="RuleActionType"
-
+ use="required"/>
-
+
-
-
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
-
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
- type="FileVersionRangeType"
+
- minOccurs="1"
- maxOccurs="1" />
-
+
-
- type="PublisherNameType"
+
- use="required"/>
+
-
- type="ProductNameType"
+
- use="required"/>
+
-
- type="BinaryNameType"
+
- use="required"/>
-
-
+
-
+
-
+
-
+
-
+
-
+
+ type="FileVersionRangeType"
-
+ minOccurs="1"
-
+ maxOccurs="1" />
-
+
-
+
+ type="PublisherNameType"
-
+ use="required"/>
-
+
+ type="ProductNameType"
-
+ use="required"/>
-
+
+ use="required"/>
-
+
-
-
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
- type="FileVersionType"
+
- use="required"/>
+
-
+
-
+
-
+
-
-
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
-
-
+
-
+
-
+
-
+
-
+
+ type="FileVersionType"
-
+ use="required"/>
-
+
+ type="FileVersionType"
-
+ use="required"/>
-
+
-
-
-
+
-
+
-
+
-
+
-
- type="FilePathType"
+
- use="required"/>
-
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
-
-
+
-
+
-
+
-
+
-
+
-
+
-
- type="FileHashType"
+
- minOccurs="1"
- maxOccurs="unbounded"/>
-
+
-
+
-
+
-
+
-
+
+ type="FilePathType"
-
+ use="required"/>
-
- type="HashType"
- use="required"/>
-
- type="HashDataType"
+
- use="required"/>
+
-
- type="xs:string"
+
- use="optional"/>
+
-
- type="xs:integer"
+
- use="optional"/>
+
-
-
-
+
-
+
-
+
-
+
-
+
-
+
+ type="FileHashType"
-
+ minOccurs="1"
-
+ maxOccurs="unbounded"/>
-
+
-
+
-
-
-
+
-
+
-
+
-
+
-
+
+ type="HashType"
-
+ use="required"/>
-
+
+ type="HashDataType"
-
+ use="required"/>
-
+
+ type="xs:string"
-
+ use="optional"/>
-
+
+ type="xs:integer"
-
+ use="optional"/>
-
+
-
-
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
-
-
+
-
+
-
+
-
+
-
+
-
+
-
-
- use="required"/>
+
-
+
-
+
-
+
-
-
-
+
-
+
-
- type="ServicesType"
+
- minOccurs="0"
+
- maxOccurs="1" />
-
-
+
-
+
-
+
-
+
-
+
-
-
-
- type="PluginsType"
+
- minOccurs="0"
+
- maxOccurs="1" />
+
-
+
-
+
-
+
-
+
-
+
-
- type="PluginType"
- minOccurs="0"
- maxOccurs="unbounded" />
+
-
+
-
+
-
+
-
+
+ type="ServicesEnforcementModeType"
-
- type="ExecutionCategoriesType"
+
- minOccurs="1"
- maxOccurs="1" />
-
+
-
+
-
+
-
+
-
+
-
+
+ type="ServicesType"
-
- minOccurs="1"
+
- maxOccurs="unbounded" />
+
-
-
-
+
-
+
-
+
-
- type="PluginPoliciesType"
+
- minOccurs="0"
+
+ type="PluginsType"
-
+ minOccurs="0"
-
- type="GuidType" />
+
-
- type="AttributeListType"
- use="optional" />
-
+
-
+
-
+
+ type="PluginType"
-
+ minOccurs="0"
-
+ maxOccurs="unbounded" />
-
+
-
+
-
-
-
+
-
+
-
+
+ minOccurs="1"
-
+ maxOccurs="1" />
-
- type="PluginPolicyType"
+
- minOccurs="0"
+
- maxOccurs="unbounded" />
+
-
-
-
+
-
+
-
+ type="ExecutionCategoryType"
-
+ minOccurs="1"
-
+ maxOccurs="unbounded" />
-
+
-
+
-
-
-
+
-
+
-
+
+ type="PluginPoliciesType"
-
+ minOccurs="0"
-
+ maxOccurs="1" />
-
+
-
+
+ type="GuidType" />
-
+
+ type="AttributeListType"
-
+ use="optional" />
-
+
-
-
-
+
-
+
-
+
-
-
-
+
-
+
-
+
-
+
-
+
-
+
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
```
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index c0085b11e0..cc8530ec85 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 05/03/2022
---
@@ -45,7 +45,7 @@ The following example shows the AssignedAccess configuration service provider in
./Vendor/MSFT
AssignedAccess
----KioskModeApp
-----Configuration (Added in Windows 10, version 1709)
+----Configuration (Added in Windows 10, version 1709)
----Status (Added in Windows 10, version 1803)
----ShellLauncher (Added in Windows 10, version 1803)
----StatusConfiguration (Added in Windows 10, version 1803)
@@ -67,7 +67,7 @@ For more information, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Educ
> [!Note]
> You can't set both KioskModeApp and ShellLauncher at the same time on the device.
-Starting in Windows 10, version 1607, you can use a provisioned app to configure the kiosk mode. For more information about how to remotely provision an app, see [Enterprise app management](enterprise-app-management.md).
+Starting in Windows 10, version 1607, you can use a provisioned app to configure the kiosk mode. For more information about how to remotely provision an app, see [Enterprise app management](../enterprise-app-management.md).
Here's an example:
@@ -358,7 +358,7 @@ The schema below is for AssignedAccess Configuration up to Windows 10 20H2 relea
-
+
@@ -533,7 +533,7 @@ Schema for Windows 10 prerelease
-
+
@@ -1090,7 +1090,7 @@ Status Get
## ShellLauncherConfiguration XSD
-Shell Launcher V2 uses a separate XSD and namespace for backward compatibility. The original V1 XSD has a reference to the V2 XSD.
+Shell Launcher V2 uses a separate XSD and namespace for backward compatibility. The original V1 XSD has a reference to the V2 XSD.
```xml
@@ -1420,12 +1420,12 @@ ShellLauncher V2 Add
-
-
-
-
-
-
+
+
+
+
+
+
@@ -1597,4 +1597,4 @@ This example configures the following apps: Skype, Learning, Feedback Hub, and C
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index 36b3670dac..4e49481095 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 02/22/2018
---
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index a9cfa0de6d..7974e3a245 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -3,14 +3,13 @@ title: BitLocker CSP
description: Learn how the BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 02/04/2022
ms.reviewer:
manager: aaroncz
-ms.collection: highpri
---
# BitLocker CSP
@@ -19,7 +18,7 @@ The BitLocker configuration service provider (CSP) is used by the enterprise to
> [!NOTE]
> Settings are enforced only at the time encryption is started. Encryption isn't restarted with settings changes.
->
+>
> You must send all the settings together in a single SyncML to be effective.
A `Get` operation on any of the settings, except for `RequireDeviceEncryption` and `RequireStorageCardEncryption`, returns the setting configured by the admin.
@@ -61,13 +60,13 @@ BitLocker
```
> [!TIP]
-> Some of the policies here are ADMX-backed policies. For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
+> Some of the policies here are ADMX-backed policies. For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](../enable-admx-backed-policies-in-mdm.md). For more information, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
-**./Device/Vendor/MSFT/BitLocker**
+**./Device/Vendor/MSFT/BitLocker**
Defines the root node for the BitLocker configuration service provider.
-**RequireDeviceEncryption**
+**RequireDeviceEncryption**
Allows the administrator to require encryption that needs to be turned on by using BitLocker\Device Encryption.
@@ -100,7 +99,7 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix
The following list shows the supported values:
- 0 (default): Disable. If the policy setting isn't set or is set to 0, the device's enforcement status isn't checked. The policy doesn't enforce encryption and it doesn't decrypt encrypted volumes.
-- 1: Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy).
+- 1: Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy).
If you want to disable this policy, use the following SyncML:
@@ -120,7 +119,7 @@ If you want to disable this policy, use the following SyncML:
-
+
```
> [!NOTE]
@@ -178,9 +177,9 @@ If you disable or don't configure this policy setting, BitLocker will use the de
- 7 = XTS-AES 256
> [!NOTE]
-> When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status.
+> When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status.
- If you want to disable this policy, use the following SyncML:
+ If you want to disable this policy, use the following SyncML:
```xml
@@ -202,7 +201,7 @@ Data type is string.
Supported operations are Add, Get, Replace, and Delete.
-**IdentificationField**
+**IdentificationField**
Allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker.
@@ -260,7 +259,7 @@ If you disable or don't configure this setting, the identification field isn't r
-**SystemDrivesEnablePreBootPinExceptionOnDECapableDevice**
+**SystemDrivesEnablePreBootPinExceptionOnDECapableDevice**
Allows users on devices that are compliant with InstantGo or the Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for preboot authentication.
@@ -300,7 +299,7 @@ If this policy is disabled, the options of "Require additional authentication at
-**SystemDrivesEnhancedPIN**
+**SystemDrivesEnhancedPIN**
Allows users to configure whether or not enhanced startup PINs are used with BitLocker.
@@ -343,7 +342,7 @@ If you disable or don't configure this policy setting, enhanced PINs won't be us
-**SystemDrivesDisallowStandardUsersCanChangePIN**
+**SystemDrivesDisallowStandardUsersCanChangePIN**
Allows you to configure whether standard users are allowed to change BitLocker PIN or password that is used to protect the operating system drive.
@@ -386,7 +385,7 @@ Sample value for this node to disable this policy is:
-**SystemDrivesEnablePrebootInputProtectorsOnSlates**
+**SystemDrivesEnablePrebootInputProtectorsOnSlates**
Allows users to enable authentication options that require user input from the preboot environment, even if the platform indicates a lack of preboot input capability.
@@ -436,7 +435,7 @@ When the Windows Recovery Environment isn't enabled and this policy isn't enable
-**SystemDrivesEncryptionType**
+**SystemDrivesEncryptionType**
Allows you to configure the encryption type that is used by BitLocker.
@@ -477,14 +476,14 @@ Sample value for this node to enable this policy is:
If this policy is disabled, the BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.
>[!Note]
->This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method.
+>This policy is ignored when shrinking or expanding a volume, and the BitLocker driver uses the current encryption method.
>For example, when a drive that's using Used Space Only encryption is expanded, the new free space isn't wiped as it would be for a drive that uses Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: `manage-bde -w`. If the volume is shrunk, no action is taken for the new free space.
For more information about the tool to manage BitLocker, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde).
-**SystemDrivesRequireStartupAuthentication**
+**SystemDrivesRequireStartupAuthentication**
This setting is a direct mapping to the BitLocker Group Policy "Require additional authentication at startup".
@@ -529,7 +528,7 @@ If you disable or don't configure this setting, users can configure only basic o
> [!NOTE]
> If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
-> [!NOTE]
+> [!NOTE]
> Devices that pass Hardware Security Testability Specification (HSTI) validation or Modern Standby devices won't be able to configure a Startup PIN using this CSP. Users are required to manually configure the PIN.
Sample value for this node to enable this policy is:
@@ -576,13 +575,13 @@ Disabling the policy will let the system choose the default behaviors. If you wa
```
-Data type is string.
+Data type is string.
Supported operations are Add, Get, Replace, and Delete.
-**SystemDrivesMinimumPINLength**
+**SystemDrivesMinimumPINLength**
This setting is a direct mapping to the BitLocker Group Policy "Configure minimum PIN length for startup".
@@ -611,7 +610,7 @@ ADMX Info:
This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of six digits and can have a maximum length of 20 digits.
> [!NOTE]
-> In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits.
+> In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits.
>
>In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This doesn't apply to TPM 1.2.
@@ -642,13 +641,13 @@ Disabling the policy will let the system choose the default behaviors. If you wa
```
-Data type is string.
+Data type is string.
Supported operations are Add, Get, Replace, and Delete.
-**SystemDrivesRecoveryMessage**
+**SystemDrivesRecoveryMessage**
This setting is a direct mapping to the BitLocker Group Policy "Configure pre-boot recovery message and URL"
(PrebootRecoveryInfo_Name).
@@ -721,12 +720,12 @@ Disabling the policy will let the system choose the default behaviors. If you w
> [!NOTE]
> Not all characters and languages are supported in pre-boot. It's strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen.
-Data type is string.
+Data type is string.
Supported operations are Add, Get, Replace, and Delete.
-**SystemDrivesRecoveryOptions**
+**SystemDrivesRecoveryOptions**
This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).
@@ -754,7 +753,7 @@ ADMX Info:
This setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of required startup key information. This setting is applied when you turn on BitLocker.
-The "OSAllowDRA_Name" (Allow certificate-based data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used, it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. For more information about adding data recovery agents, see the BitLocker Drive Encryption Deployment Guide on Microsoft Docs.
+The "OSAllowDRA_Name" (Allow certificate-based data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used, it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. For more information about adding data recovery agents, see [BitLocker recovery guide](/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan).
In "OSRecoveryPasswordUsageDropDown_Name" and "OSRecoveryKeyUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.
@@ -777,18 +776,18 @@ Sample value for this node to enable this policy is:
```
-The possible values for 'xx' are:
+The possible values for 'xx' are:
- true = Explicitly allow
- false = Policy not set
-The possible values for 'yy' are:
+The possible values for 'yy' are:
- 2 = Allowed
- 1 = Required
- 0 = Disallowed
-The possible values for 'zz' are:
+The possible values for 'zz' are:
- 2 = Store recovery passwords only.
- 1 = Store recovery passwords and key packages.
@@ -810,12 +809,12 @@ Disabling the policy will let the system choose the default behaviors. If you wa
```
-Data type is string.
+Data type is string.
Supported operations are Add, Get, Replace, and Delete.
-**FixedDrivesRecoveryOptions**
+**FixedDrivesRecoveryOptions**
This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().
@@ -843,7 +842,7 @@ ADMX Info:
This setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This setting is applied when you turn on BitLocker.
-The "FDVAllowDRA_Name" (Allow data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used, it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. For more information about adding data recovery agents, see the BitLocker Drive Encryption Deployment Guide on Microsoft Docs.
+The "FDVAllowDRA_Name" (Allow data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used, it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. For more information about adding data recovery agents, see [BitLocker recovery guide](/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan).
In "FDVRecoveryPasswordUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.
@@ -902,12 +901,12 @@ Disabling the policy will let the system choose the default behaviors. If you wa
```
-Data type is string.
+Data type is string.
Supported operations are Add, Get, Replace, and Delete.
-**FixedDrivesRequireEncryption**
+**FixedDrivesRequireEncryption**
This setting is a direct mapping to the BitLocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).
@@ -960,12 +959,12 @@ If you disable or don't configure this setting, all fixed data drives on the com
```
-Data type is string.
+Data type is string.
Supported operations are Add, Get, Replace, and Delete.
-**FixedDrivesEncryptionType**
+**FixedDrivesEncryptionType**
Allows you to configure the encryption type on fixed data drives that is used by BitLocker.
@@ -1006,14 +1005,14 @@ Sample value for this node to enable this policy is:
If this policy is disabled, the BitLocker Setup Wizard asks the user to select the encryption type before turning on BitLocker.
>[!Note]
->This policy is ignored when you're shrinking or expanding a volume and the BitLocker driver uses the current encryption method.
+>This policy is ignored when you're shrinking or expanding a volume and the BitLocker driver uses the current encryption method.
>For example, when a drive that's using Used Space Only encryption is expanded, the new free space isn't wiped as it would be for a drive that's using Full encryption. The user could wipe the free space on a Used Space Only drive by using the following command: `manage-bde -w`. If the volume is shrunk, no action is taken for the new free space.
For more information about the tool to manage BitLocker, see [Manage-bde](/windows-server/administration/windows-commands/manage-bde).
-**RemovableDrivesRequireEncryption**
+**RemovableDrivesRequireEncryption**
This setting is a direct mapping to the BitLocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).
@@ -1080,7 +1079,7 @@ Disabling the policy will let the system choose the default behaviors. If you wa
```
-**RemovableDrivesEncryptionType**
+**RemovableDrivesEncryptionType**
Allows you to configure the encryption type that is used by BitLocker.
@@ -1122,7 +1121,7 @@ If this policy is disabled or not configured, the BitLocker Setup Wizard asks th
-**RemovableDrivesConfigureBDE**
+**RemovableDrivesConfigureBDE**
Allows you to control the use of BitLocker on removable data drives.
@@ -1174,7 +1173,7 @@ If you don't configure this policy setting, users can use BitLocker on removable
-**AllowWarningForOtherDiskEncryption**
+**AllowWarningForOtherDiskEncryption**
Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is set to 1.
@@ -1276,10 +1275,10 @@ If you want to disable this policy, use the following SyncML:
-**ConfigureRecoveryPasswordRotation**
+**ConfigureRecoveryPasswordRotation**
-This setting initiates a client-driven recovery password refresh after an OS drive recovery (either by using bootmgr or WinRE) and recovery password unlock on a Fixed data drive. This setting will refresh the specific recovery password that was used, and other unused passwords on the volume will remain unchanged. If the initialization of the refresh fails, the device will retry the refresh during the next reboot. When password refresh is initiated, the client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure. After the recovery password has been successfully backed up to Azure AD, the recovery key that was used locally will be removed. This setting refreshes only the used key and retains other unused keys.
+This setting initiates a client-driven recovery password refresh after an OS drive recovery (either by using bootmgr or WinRE) and recovery password unlock on a Fixed data drive. This setting will refresh the specific recovery password that was used, and other unused passwords on the volume will remain unchanged. If the initialization of the refresh fails, the device will retry the refresh during the next reboot. When password refresh is initiated, the client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure. After the recovery password has been successfully backed up to Azure AD, the recovery key that was used locally will be removed. This setting refreshes only the used key and retains other unused keys.
@@ -1296,7 +1295,7 @@ This setting initiates a client-driven recovery password refresh after an OS dri
-Value type is int.
+Value type is int.
Supported operations are Add, Delete, Get, and Replace.
@@ -1305,7 +1304,7 @@ Supported operations are Add, Delete, Get, and Replace.
Supported values are:
- 0 – Refresh off (default).
-- 1 – Refresh on for Azure AD-joined devices.
+- 1 – Refresh on for Azure AD-joined devices.
- 2 – Refresh on for both Azure AD-joined and hybrid-joined devices.
@@ -1313,20 +1312,20 @@ Supported values are:
-**RotateRecoveryPasswords**
+**RotateRecoveryPasswords**
This setting refreshes all recovery passwords for OS and fixed drives (removable drives aren't included so they can be shared between users). All recovery passwords for all drives will be refreshed and only one password per volume is retained. If errors occur, an error code will be returned so that server can take appropriate action to remediate.
-The client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure.
+The client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure.
-Policy type is Execute. When “Execute Policy” is pushed, the client sets the status as Pending and initiates an asynchronous rotation operation. After refresh is complete, pass or fail status is updated. The client won't retry, but if needed, the server can reissue the execute request.
+Policy type is Execute. When “Execute Policy” is pushed, the client sets the status as Pending and initiates an asynchronous rotation operation. After refresh is complete, pass or fail status is updated. The client won't retry, but if needed, the server can reissue the execute request.
-Server can call Get on the RotateRecoveryPasswordsRotationStatus node to query the status of the refresh.
+Server can call Get on the RotateRecoveryPasswordsRotationStatus node to query the status of the refresh.
-Recovery password refresh will only occur for devices that are joined to Azure AD or joined to both Azure AD and on-premises (hybrid Azure AD-joined) that run a Windows 10 edition with the BitLocker CSP (Pro/Enterprise). Devices can't refresh recovery passwords if they're only registered in Azure AD (also known as workplace-joined) or signed in with a Microsoft account.
+Recovery password refresh will only occur for devices that are joined to Azure AD or joined to both Azure AD and on-premises (hybrid Azure AD-joined) that run a Windows 10 edition with the BitLocker CSP (Pro/Enterprise). Devices can't refresh recovery passwords if they're only registered in Azure AD (also known as workplace-joined) or signed in with a Microsoft account.
Each server-side recovery key rotation is represented by a request ID. The server can query the following nodes to make sure it reads status/result for same rotation request.
- RotateRecoveryPasswordsRequestID: Returns request ID of last request processed.
@@ -1348,6 +1347,13 @@ Value type is string.
Supported operation is Execute. Request ID is expected as a parameter.
+> [!NOTE]
+> Key rotation is supported only on these enrollment types. For more information, see [deviceEnrollmentType enum](/graph/api/resources/intune-devices-deviceenrollmenttype).
+> - windowsAzureADJoin.
+> - windowsBulkAzureDomainJoin.
+> - windowsAzureADJoinUsingDeviceAuth.
+> - windowsCoManagement.
+
> [!TIP]
> Key rotation feature will only work when:
>
@@ -1358,7 +1364,7 @@ Supported operation is Execute. Request ID is expected as a parameter.
> - FDVRequireActiveDirectoryBackup_Name is set to 1 = ("Required").
> - FDVActiveDirectoryBackup_Name is set to true.
-**Status**
+**Status**
Interior node.
Supported operation is Get.
@@ -1366,9 +1372,9 @@ Supported operation is Get.
-**Status/DeviceEncryptionStatus**
+**Status/DeviceEncryptionStatus**
-This node reports compliance state of device encryption on the system.
+This node reports compliance state of device encryption on the system.
@@ -1384,11 +1390,11 @@ This node reports compliance state of device encryption on the system.
-Value type is int.
+Value type is int.
Supported operation is Get.
-Supported values:
+Supported values:
- 0 - Indicates that the device is compliant.
- Any non-zero value - Indicates that the device isn't compliant. This value represents a bitmask with each bit and the corresponding error code described in the following table:
@@ -1419,13 +1425,13 @@ Supported values:
-**Status/RotateRecoveryPasswordsStatus**
+**Status/RotateRecoveryPasswordsStatus**
-This node reports the status of RotateRecoveryPasswords request.
+This node reports the status of RotateRecoveryPasswords request.
-Status code can be one of the following values:
+Status code can be one of the following values:
- 2 – Not started
- 1 - Pending
@@ -1444,7 +1450,7 @@ Status code can be one of the following values:
-Value type is int.
+Value type is int.
Supported operation is Get.
@@ -1452,10 +1458,10 @@ Supported operation is Get.
-**Status/RotateRecoveryPasswordsRequestID**
+**Status/RotateRecoveryPasswordsRequestID**
-This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
+This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID.
@@ -1471,7 +1477,7 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta
-Value type is string.
+Value type is string.
Supported operation is Get.
@@ -1510,7 +1516,7 @@ The following example is provided to show proper format and shouldn't be taken a
-
+
$CmdID$
@@ -1643,4 +1649,4 @@ The following example is provided to show proper format and shouldn't be taken a
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index 663e7d623f..5c397b3bce 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -3,8 +3,8 @@ title: BitLocker DDF file
description: Learn about the OMA DM device description framework (DDF) for the BitLocker configuration service provider.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/30/2019
@@ -14,11 +14,11 @@ manager: aaroncz
# BitLocker DDF file
-This topic shows the OMA DM device description framework (DDF) for the **BitLocker** configuration service provider.
+This topic shows the OMA DM device description framework (DDF) for the **BitLocker** configuration service provider.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
-The XML below is the current version for this CSP.
+The XML below is the current version for this CSP.
```xml
@@ -642,11 +642,11 @@ The XML below is the current version for this CSP.
require reinstallation of Windows.
Note: This policy takes effect only if "RequireDeviceEncryption" policy is set to 1.
The format is integer.
- The expected values for this policy are:
+ The expected values for this policy are:
1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed.
- 0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update,
- the value 0 only takes affect on Azure Active Directory-joined devices.
+ 0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update,
+ the value 0 only takes affect on Azure Active Directory-joined devices.
Windows will attempt to silently enable BitLocker for value 0.
If you want to disable this policy use the following SyncML:
@@ -695,7 +695,7 @@ The XML below is the current version for this CSP.
If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user
is the current logged on user in the system.
- The expected values for this policy are:
+ The expected values for this policy are:
1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user.
0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy
@@ -745,17 +745,17 @@ The XML below is the current version for this CSP.
Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on Azure Active Directory and Hybrid domain joined devices.
- When not configured, Rotation is turned on by default for Azure AD only and off on Hybrid. The Policy will be effective only when
+ When not configured, Rotation is turned on by default for Azure AD only and off on Hybrid. The Policy will be effective only when
Active Directory back up for recovery password is configured to required.
For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives"
For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives"
-
+
Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
1 - Numeric Recovery Passwords Rotation upon use ON for Azure Active Directory-joined devices. Default value
2 - Numeric Recovery Passwords Rotation upon use ON for both Azure AD and Hybrid devices
-
+
If you want to disable this policy use the following SyncML:
-
+
112
@@ -797,20 +797,20 @@ The XML below is the current version for this CSP.
Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Azure Active Directory or hybrid-joined device.
This policy is Execute type and rotates all numeric passwords when issued from MDM tools.
-
+
The policy only comes into effect when Active Directory backup for a recovery password is configured to "required."
* For OS drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives."
*For fixed drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives."
-
- Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes:
-
-* status\RotateRecoveryPasswordsStatus
- * status\RotateRecoveryPasswordsRequestID
-
-
+ Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes:
+
+* status\RotateRecoveryPasswordsStatus
+ * status\RotateRecoveryPasswordsRequestID
+
+
+
Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools.\
-
+
113
@@ -888,10 +888,10 @@ Supported Values: String form of request ID. Example format of request ID is GUI
- This Node reports the status of RotateRecoveryPasswords request.
+ This Node reports the status of RotateRecoveryPasswords request.
Status code can be one of the following:
- NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure
-
+ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure
+
@@ -914,10 +914,10 @@ Supported Values: String form of request ID. Example format of request ID is GUI
- This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
+ This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus
- To ensure the status is correctly matched to the request ID.
-
+ To ensure the status is correctly matched to the request ID.
+
diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md
index 6c97d9489d..f64cf2be86 100644
--- a/windows/client-management/mdm/cellularsettings-csp.md
+++ b/windows/client-management/mdm/cellularsettings-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -37,7 +37,7 @@ CellularSettings
----DataRoam
```
-**DataRoam**
+**DataRoam**
Optional. Integer. Specifies the default roaming value. Valid values are:
|Value|Setting|
@@ -48,4 +48,4 @@ CellularSettings
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md
index 585bfdba94..7f9a4ba349 100644
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 02/28/2020
---
@@ -114,7 +114,7 @@ CertificateStore
----------------TemplateName
```
-**Root/System**
+**Root/System**
Defines the certificate store that contains root, or self-signed, certificates.
Supported operation is Get.
@@ -122,7 +122,7 @@ Supported operation is Get.
> [!NOTE]
> Root/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing root certificates.
-**CA/System**
+**CA/System**
Defines the certificate store that contains cryptographic information, including intermediary certification authorities.
Supported operation is Get.
@@ -130,7 +130,7 @@ Supported operation is Get.
> [!NOTE]
> CA/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing CA certificates.
-**My/User**
+**My/User**
Defines the certificate store that contains public keys for client certificates. This certificate store is only used by enterprise servers to push down the public key of a client certificate. The client certificate is used by the device client to authenticate itself to the enterprise server for device management and downloading enterprise applications.
Supported operation is Get.
@@ -138,7 +138,7 @@ Supported operation is Get.
> [!NOTE]
> My/User is case sensitive.
-**My/System**
+**My/System**
Defines the certificate store that contains public key for client certificate. This certificate store is only used by enterprise server to push down the public key of the client cert. The client cert is used by the device to authenticate itself to the enterprise server for device management and enterprise app downloading.
Supported operation is Get.
@@ -146,42 +146,42 @@ Supported operation is Get.
> [!NOTE]
> My/System is case sensitive.
-***CertHash***
+***CertHash***
Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
Supported operations are Get, Delete, and Replace.
-***CertHash*/EncodedCertificate**
+***CertHash*/EncodedCertificate**
Required. Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc.
Supported operations are Get, Add, Delete, and Replace.
-***CertHash*/IssuedBy**
+***CertHash*/IssuedBy**
Required. Returns the name of the certificate issuer. This name is equivalent to the *Issuer* member in the CERT\_INFO data structure.
Supported operation is Get.
-***CertHash*/IssuedTo**
+***CertHash*/IssuedTo**
Required. Returns the name of the certificate subject. This name is equivalent to the *Subject* member in the CERT\_INFO data structure.
Supported operation is Get.
-***CertHash*/ValidFrom**
+***CertHash*/ValidFrom**
Required. Returns the starting date of the certificate's validity. This date is equivalent to the *NotBefore* member in the CERT\_INFO structure.
Supported operation is Get.
-***CertHash*/ValidTo**
+***CertHash*/ValidTo**
Required. Returns the expiration date of the certificate. This expiration date is equivalent to the *NotAfter* member in the CERT\_INFO structure.
Supported operation is Get.
-***CertHash*/TemplateName**
+***CertHash*/TemplateName**
Required. Returns the certificate template name.
Supported operation is Get.
-**My/SCEP**
+**My/SCEP**
Required for Simple Certificate Enrollment Protocol (SCEP) certificate enrollment. The parent node grouping the SCEP certificate related settings.
Supported operation is Get.
@@ -189,12 +189,12 @@ Supported operation is Get.
> [!NOTE]
> Please use the ClientCertificateInstall CSP to install SCEP certificates moving forward. All enhancements to SCEP will happen in that CSP.
-**My/SCEP/***UniqueID*
+**My/SCEP/***UniqueID*
Required for SCEP certificate enrollment. A unique ID to differentiate certificate enrollment requests. Format is node.
Supported operations are Get, Add, Replace, and Delete.
-**My/SCEP/*UniqueID*/Install**
+**My/SCEP/*UniqueID*/Install**
Required for SCEP certificate enrollment. Parent node to group SCEP certificate installs related request. Format is node.
Supported operations are Add, Replace, and Delete.
@@ -202,30 +202,30 @@ Supported operations are Add, Replace, and Delete.
> [!NOTE]
> Though the children nodes under Install support Replace commands, after the Exec command is sent to the device, the device takes the values that are set when the Exec command is accepted. You should not expect the node value change that occurs after the Exec command is accepted to impact the current undergoing enrollment. You should check the Status node value and make sure that the device is not at an unknown stage before changing the children node values.
-**My/SCEP/*UniqueID*/Install/ServerURL**
+**My/SCEP/*UniqueID*/Install/ServerURL**
Required for SCEP certificate enrollment. Specifies the certificate enrollment server. The server could specify multiple server URLs separated by a semicolon. Value type is string.
Supported operations are Get, Add, Delete, and Replace.
-**My/SCEP/*UniqueID*/Install/Challenge**
+**My/SCEP/*UniqueID*/Install/Challenge**
Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. Value type is chr.
Supported operations are Get, Add, Replace, and Delete.
Challenge will be deleted shortly after the Exec command is accepted.
-**My/SCEP/*UniqueID*/Install/EKUMapping**
+**My/SCEP/*UniqueID*/Install/EKUMapping**
Required. Specifies the extended key usages and subject to SCEP server configuration. The list of OIDs is separated by a plus sign **+**, such as OID1+OID2+OID3. Value type is chr.
Supported operations are Get, Add, Delete, and Replace.
-**My/SCEP/*UniqueID*/Install/KeyUsage**
+**My/SCEP/*UniqueID*/Install/KeyUsage**
Required for enrollment. Specifies the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have second (0x20) or fourth (0x80) or both bits set. If the value doesn't have those bits set, configuration will fail. Value type is an integer.
Supported operations are Get, Add, Delete, and Replace.
-**My/SCEP/*UniqueID*/Install/SubjectName**
-Required. Specifies the subject name.
+**My/SCEP/*UniqueID*/Install/SubjectName**
+Required. Specifies the subject name.
The SubjectName value is quoted if it contains leading or trailing white space or one of the following characters: (“,” “=” “+” “;”).
@@ -235,7 +235,7 @@ Value type is chr.
Supported operations are Get, Add, Delete, and Replace.
-**My/SCEP/*UniqueID*/Install/KeyProtection**
+**My/SCEP/*UniqueID*/Install/KeyProtection**
Optional. Specifies the location of the private key. Although the private key is protected by TPM, it isn't protected with TPM PIN. SCEP enrolled certificate doesn't support TPM PIN protection.
Supported values are one of the following values:
@@ -250,17 +250,17 @@ Value type is an integer.
Supported operations are Get, Add, Delete, and Replace.
-**My/SCEP/*UniqueID*/Install/RetryDelay**
+**My/SCEP/*UniqueID*/Install/RetryDelay**
Optional. Specifies the device retry waiting time in minutes when the SCEP server sends the pending status. Default value is 5 and the minimum value is 1. Value type is an integer.
Supported operations are Get, Add, and Delete.
-**My/SCEP/*UniqueID*/Install/RetryCount**
+**My/SCEP/*UniqueID*/Install/RetryCount**
Optional. Special to SCEP. Specifies the device retry times when the SCEP server sends pending status. Value type is an integer. Default value is 3. Max value can't be larger than 30. If it's larger than 30, the device will use 30. The min value is 0, which means no retry.
Supported operations are Get, Add, Delete, and Replace.
-**My/SCEP/*UniqueID*/Install/TemplateName**
+**My/SCEP/*UniqueID*/Install/TemplateName**
Optional. OID of certificate template name.
> [!Note]
@@ -268,29 +268,29 @@ Optional. OID of certificate template name.
Supported operations are Get, Add, and Delete.
-**My/SCEP/*UniqueID*/Install/KeyLength**
+**My/SCEP/*UniqueID*/Install/KeyLength**
Required for enrollment. Specifies private key length (RSA). Value type is an integer. Valid values are 1024, 2048, 4096. NGC key lengths supported should be specified.
Supported operations are Get, Add, Delete, and Replace.
-**My/SCEP/*UniqueID*/Install/HashAlgorithm**
+**My/SCEP/*UniqueID*/Install/HashAlgorithm**
Required for enrollment. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by the MDM server. If multiple hash algorithm families are specified, they must be separated with +.
Value type is chr.
Supported operations are Get, Add, Delete, and Replace.
-**My/SCEP/*UniqueID*/Install/CAThumbprint**
+**My/SCEP/*UniqueID*/Install/CAThumbprint**
Required. Specifies the root CA thumbprint. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates the SCEP server, it checks CA certificate from SCEP server for a match with this certificate. If it doesn't match, the authentication fails. Value type is chr.
Supported operations are Get, Add, Delete, and Replace.
-**My/SCEP/*UniqueID*/Install/SubjectAlternativeNames**
+**My/SCEP/*UniqueID*/Install/SubjectAlternativeNames**
Optional. Specifies the subject alternative name. Multiple alternative names can be specified. Each name is the combination of name format+actual name. Refer to the name type definition in MSDN. Each pair is separated by semicolon. For example, multiple subject alternative names are presented in the format *\*+*\*;*\*+*\*. Value type is chr.
Supported operations are Get, Add, Delete, and Replace.
-**My/SCEP/*UniqueID*/Install/ValidPeriod**
+**My/SCEP/*UniqueID*/Install/ValidPeriod**
Optional. Specifies the units for the valid period. Value type is chr.
Supported operations are Get, Add, Delete, and Replace.
@@ -304,7 +304,7 @@ Valid values are one of the following values:
> [!NOTE]
> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server.
-**My/SCEP/*UniqueID*/Install/ValidPeriodUnits**
+**My/SCEP/*UniqueID*/Install/ValidPeriodUnits**
Optional. Specifies desired number of units used in validity period and subject to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. The valid period specified by MDM overwrites the valid period specified in the certificate template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. Value type is an integer.
Supported operations are Get, Add, Delete, and Replace.
@@ -312,17 +312,17 @@ Supported operations are Get, Add, Delete, and Replace.
> [!NOTE]
> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server.
-**My/SCEP/*UniqueID*/Install/Enroll**
+**My/SCEP/*UniqueID*/Install/Enroll**
Required. Triggers the device to start the certificate enrollment. The MDM server can later query the device to find out whether the new certificate is added. Value type is null, which means that this node doesn't contain a value.
Supported operation is Exec.
-**My/WSTEP/CertThumbprint**
+**My/WSTEP/CertThumbprint**
Optional. Returns the current MDM client certificate thumbprint. If renewal succeeds, it shows the renewed certificate thumbprint. If renewal fails or is in progress, it shows the thumbprint of the cert that needs to be renewed. Value type is chr.
Supported operation is Get.
-**My/SCEP/*UniqueID*/Status**
+**My/SCEP/*UniqueID*/Status**
Required. Specifies the latest status for the certificate due to enrollment request. Value type is chr.
Supported operation is Get.
@@ -337,32 +337,32 @@ Valid values are one of the following values:
- 32 – Unknown.
-**My/SCEP/*UniqueID*/ErrorCode**
+**My/SCEP/*UniqueID*/ErrorCode**
Optional. The integer value that indicates the HRESULT of the last enrollment error code.
Supported operation is Get.
-**My/SCEP/*UniqueID*/CertThumbprint**
+**My/SCEP/*UniqueID*/CertThumbprint**
Optional. Specifies the current certificate thumbprint if certificate enrollment succeeds. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. Value type is chr.
Supported operation is Get.
-**My/SCEP/*UniqueID*/RespondentServerUrl**
+**My/SCEP/*UniqueID*/RespondentServerUrl**
Required. Returns the URL of the SCEP server that responded to the enrollment request. Value type is string.
Supported operation is Get.
-**My/WSTEP**
+**My/WSTEP**
Required for MDM enrolled device. Specifies the parent node that hosts the MDM enrollment client certificate related settings that are enrolled via WSTEP. The nodes under WSTEP are mostly for MDM client certificate renew requests. Value type is node.
Supported operation is Get.
-**My/WSTEP/Renew**
+**My/WSTEP/Renew**
Optional. The parent node to group renewal related settings.
Supported operation is Get.
-**My/WSTEP/Renew/ServerURL**
+**My/WSTEP/Renew/ServerURL**
Optional. Specifies the URL of certificate renewal server. If this node doesn't exist, the client uses the initial certificate enrollment URL.
> [!NOTE]
@@ -370,7 +370,7 @@ Optional. Specifies the URL of certificate renewal server. If this node doesn't
Supported operations are Add, Get, Delete, and Replace.
-**My/WSTEP/Renew/RenewalPeriod**
+**My/WSTEP/Renew/RenewalPeriod**
Optional. The time (in days) to trigger the client to initiate the MDM client certificate renew process before the MDM certificate expires. The MDM server can't set and update the renewal period. This parameter applies to both manual certificate renewal and request on behalf of (ROBO) certificate renewal. It's recommended that the renew period is set a couple of months before the certificate expires to ensure that the certificate gets renewed successfully with data connectivity.
The default value is 42 and the valid values are 1 – 1000. Value type is an integer.
@@ -380,7 +380,7 @@ Supported operations are Add, Get, Delete, and Replace.
> [!NOTE]
> When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
-**My/WSTEP/Renew/RetryInterval**
+**My/WSTEP/Renew/RetryInterval**
Optional. Specifies the retry interval (in days) when the previous renewal failed. It applies to both manual certificate renewal and ROBO automatic certificate renewal. The retry schedule stops at the certificate expiration date.
For ROBO renewal failure, the client retries the renewal periodically until the device reaches the certificate expiration date. This parameter specifies the waiting period for ROBO renewal retries.
@@ -394,7 +394,7 @@ Supported operations are Add, Get, Delete, and Replace.
> [!NOTE]
> When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
-**My/WSTEP/Renew/ROBOSupport**
+**My/WSTEP/Renew/ROBOSupport**
Optional. Notifies the client if the MDM enrollment server supports ROBO auto certificate renewal. Value type is bool.
ROBO is the only supported renewal method for Windows 10. This value is ignored and always considered to be true.
@@ -404,7 +404,7 @@ Supported operations are Add, Get, Delete, and Replace.
> [!NOTE]
> When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
-**My/WSTEP/Renew/Status**
+**My/WSTEP/Renew/Status**
Required. Shows the latest action status for this certificate. Value type is an integer.
Supported operation is Get.
@@ -416,22 +416,22 @@ Supported values are one of the following values:
- 2 – Renewal succeeded.
- 3 – Renewal failed.
-**My/WSTEP/Renew/ErrorCode**
+**My/WSTEP/Renew/ErrorCode**
Optional. If certificate renewal fails, this integer value indicates the HRESULT of the last error code during the renewal process. Value type is an integer.
Supported operation is Get.
-**My/WSTEP/Renew/LastRenewalAttemptTime**
+**My/WSTEP/Renew/LastRenewalAttemptTime**
Added in Windows 10, version 1607. Specifies the time of the last attempted renewal.
Supported operation is Get.
-**My/WSTEP/Renew/RenewNow**
+**My/WSTEP/Renew/RenewNow**
Added in Windows 10, version 1607. Initiates a renewal now.
Supported operation is Execute.
-**My/WSTEP/Renew/RetryAfterExpiryInterval**
+**My/WSTEP/Renew/RetryAfterExpiryInterval**
Added in Windows 10, version 1703. Specifies how long after the enrollment certificate has expired before trying to renew.
Supported operations are Add, Get, and Replace.
@@ -706,7 +706,7 @@ Configure the device to automatically renew an MDM client certificate with the s
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
+
-
diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md
index a99edbb1e3..638bdd1748 100644
--- a/windows/client-management/mdm/certificatestore-ddf-file.md
+++ b/windows/client-management/mdm/certificatestore-ddf-file.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **CertificateStore** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
@@ -1115,7 +1115,7 @@ The XML below is the current version for this CSP.
-
+
RenewPeriod
@@ -1318,7 +1318,7 @@ The XML below is the current version for this CSP.
-
+
diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md
deleted file mode 100644
index a01ff5b853..0000000000
--- a/windows/client-management/mdm/change-history-for-mdm-documentation.md
+++ /dev/null
@@ -1,317 +0,0 @@
----
-title: Change history for MDM documentation
-description: This article lists new and updated articles for Mobile Device Management.
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.reviewer:
-manager: aaroncz
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-ms.localizationpriority: medium
-ms.date: 10/19/2020
----
-
-# Change history for Mobile Device Management documentation
-
-This article lists new and updated articles for the Mobile Device Management (MDM) documentation. Updated articles are those articles that had content addition, removal, or corrections—minor fixes, such as correction of typos, style, or formatting issues aren't listed.
-
-## November 2020
-
-|New or updated article | Description|
-|--- | ---|
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policy: - [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) |
-| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node: -Properties/SleepMode |
-
-## October 2020
-
-|New or updated article | Description|
-|--- | ---|
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies - [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent) - [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure) - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) - [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) - [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) - [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled) - [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) - [Update/DisableWUfBSafeguards](policy-csp-update.md#update-disablewufbsafeguards) - [WindowsSandbox/AllowAudioInput](policy-csp-windowssandbox.md#windowssandbox-allowaudioinput) - [WindowsSandbox/AllowClipboardRedirection](policy-csp-windowssandbox.md#windowssandbox-allowclipboardredirection) - [WindowsSandbox/AllowNetworking](policy-csp-windowssandbox.md#windowssandbox-allownetworking) - [WindowsSandbox/AllowPrinterRedirection](policy-csp-windowssandbox.md#windowssandbox-allowprinterredirection) - [WindowsSandbox/AllowVGPU](policy-csp-windowssandbox.md#windowssandbox-allowvgpu) - [WindowsSandbox/AllowVideoInput](policy-csp-windowssandbox.md#windowssandbox-allowvideoinput) |
-
-## September 2020
-
-|New or updated article | Description|
-|--- | ---|
-|[NetworkQoSPolicy CSP](networkqospolicy-csp.md)|Updated support information of the NetworkQoSPolicy CSP.|
-|[Policy CSP - LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)|Removed the following unsupported LocalPoliciesSecurityOptions policy settings from the documentation: - RecoveryConsole_AllowAutomaticAdministrativeLogon - DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways - DomainMember_DigitallyEncryptSecureChannelDataWhenPossible - DomainMember_DisableMachineAccountPasswordChanges - SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems |
-
-## August 2020
-
-|New or updated article | Description|
-|--- | ---|
-|[Policy CSP - System](policy-csp-system.md)|Removed the following policy settings: - System/AllowDesktopAnalyticsProcessing - System/AllowMicrosoftManagedDesktopProcessing - System/AllowUpdateComplianceProcessing - System/AllowWUfBCloudProcessing |
-
-## July 2020
-
-|New or updated article | Description|
-|--- | ---|
-|[Policy CSP - System](policy-csp-system.md)|Added the following new policy settings: - System/AllowDesktopAnalyticsProcessing - System/AllowMicrosoftManagedDesktopProcessing - System/AllowUpdateComplianceProcessing - System/AllowWUfBCloudProcessing
Updated the following policy setting: - System/AllowCommercialDataPipeline |
-
-## June 2020
-
-|New or updated article | Description|
-|--- | ---|
-|[BitLocker CSP](bitlocker-csp.md)|Added SKU support table for **AllowStandardUserEncryption**.|
-|[Policy CSP - NetworkIsolation](policy-csp-networkisolation.md)|Updated the description from Boolean to Integer for the following policy settings: EnterpriseIPRangesAreAuthoritative, EnterpriseProxyServersAreAuthoritative.|
-
-## May 2020
-
-|New or updated article | Description|
-|--- | ---|
-|[BitLocker CSP](bitlocker-csp.md)|Added the bitmask table for the Status/DeviceEncryptionStatus node.|
-|[Policy CSP - RestrictedGroups](policy-csp-restrictedgroups.md)| Updated the topic with more details. Added policy timeline table.
-
-## February 2020
-
-|New or updated article | Description|
-|--- | ---|
-|[CertificateStore CSP](certificatestore-csp.md) [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)|Added details about SubjectName value.|
-
-## January 2020
-
-|New or updated article | Description|
-|--- | ---|
-|[Policy CSP - Defender](policy-csp-defender.md)|Added descriptions for supported actions for Defender/ThreatSeverityDefaultAction.|
-
-## November 2019
-
-|New or updated article | Description|
-|--- | ---|
-|[Policy CSP - DeliveryOptimization](policy-csp-deliveryoptimization.md)|Added option 5 in the supported values list for DeliveryOptimization/DOGroupIdSource.|
-|[DiagnosticLog CSP](diagnosticlog-csp.md)|Added substantial updates to this CSP doc.|
-
-## October 2019
-
-|New or updated article | Description|
-|--- | ---|
-|[BitLocker CSP](bitlocker-csp.md)|Added the following new nodes: ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.|
-|[Defender CSP](defender-csp.md)|Added the following new nodes: Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.|
-
-## September 2019
-
-|New or updated article | Description|
-|--- | ---|
-|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node: IsStub.|
-|[Policy CSP - Defender](policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.|
-|[Policy CSP - DeviceInstallation](policy-csp-deviceinstallation.md)|Added the following new policies: DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.|
-
-## August 2019
-
-|New or updated article | Description|
-|--- | ---|
-|[DiagnosticLog CSP](diagnosticlog-csp.md) [DiagnosticLog DDF](diagnosticlog-ddf.md)|Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes: Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelName/MaximumFileSize, Policy/Channels/ChannelName/SDDL, Policy/Channels/ChannelName/ActionWhenFull, Policy/Channels/ChannelName/Enabled, DiagnosticArchive, DiagnosticArchive/ArchiveDefinition, DiagnosticArchive/ArchiveResults.|
-|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Enhanced the article to include more reference links and the following two topics: Verify auto-enrollment requirements and settings, Troubleshoot auto-enrollment of devices.|
-
-## July 2019
-
-|New or updated article | Description|
-|--- | ---|
-|[Policy CSP](policy-configuration-service-provider.md)|Added the following list: Policies supported by HoloLens 2|
-|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.|
-|[PassportForWork CSP](passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903: SecurityKey, SecurityKey/UseSecurityKeyForSignin|
-|[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies: LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
-|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs isn't currently supported: Create a custom configuration service provider Design a custom configuration service provider IConfigServiceProvider2 IConfigServiceProvider2::ConfigManagerNotification IConfigServiceProvider2::GetNode ICSPNode ICSPNode::Add ICSPNode::Clear ICSPNode::Copy ICSPNode::DeleteChild ICSPNode::DeleteProperty ICSPNode::Execute ICSPNode::GetChildNodeNames ICSPNode::GetProperty ICSPNode::GetPropertyIdentifiers ICSPNode::GetValue ICSPNode::Move ICSPNode::SetProperty ICSPNode::SetValue ICSPNodeTransactioning ICSPValidate Samples for writing a custom configuration service provider.|
-
-## June 2019
-
-|New or updated article | Description|
-|--- | ---|
-|[Policy CSP - DeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md)|Added the following new policies: AllowDeviceHealthMonitoring, ConfigDeviceHealthMonitoringScope, ConfigDeviceHealthMonitoringUploadDestination.|
-|[Policy CSP - TimeLanguageSettings](policy-csp-timelanguagesettings.md)|Added the following new policy: ConfigureTimeZone.|
-
-## May 2019
-
-|New or updated article | Description|
-|--- | ---|
-|[DeviceStatus CSP](devicestatus-csp.md)|Updated description of the following nodes: DeviceStatus/Antivirus/SignatureStatus, DeviceStatus/Antispyware/SignatureStatus.|
-|[EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md)|Added new CSP in Windows 10, version 1903.|
-|[Policy CSP - DeliveryOptimization](policy-csp-deliveryoptimization.md)|Added the following new policies: DODelayCacheServerFallbackBackground, DODelayCacheServerFallbackForeground.
Updated description of the following policies: DOMinRAMAllowedToPeer, DOMinFileSizeToCache, DOMinDiskSizeAllowedToPeer.|
-|[Policy CSP - Experience](policy-csp-experience.md)|Added the following new policy: ShowLockOnUserTile.|
-|[Policy CSP - InternetExplorer](policy-csp-internetexplorer.md)|Added the following new policies: AllowEnhancedSuggestionsInAddressBar, DisableActiveXVersionListAutoDownload, DisableCompatView, DisableFeedsBackgroundSync, DisableGeolocation, DisableWebAddressAutoComplete, NewTabDefaultPage.|
-|[Policy CSP - Power](policy-csp-power.md)|Added the following new policies: EnergySaverBatteryThresholdOnBattery, EnergySaverBatteryThresholdPluggedIn, SelectLidCloseActionOnBattery, SelectLidCloseActionPluggedIn, SelectPowerButtonActionOnBattery, SelectPowerButtonActionPluggedIn, SelectSleepButtonActionOnBattery, SelectSleepButtonActionPluggedIn, TurnOffHybridSleepOnBattery, TurnOffHybridSleepPluggedIn, UnattendedSleepTimeoutOnBattery, UnattendedSleepTimeoutPluggedIn.|
-|[Policy CSP - Search](policy-csp-search.md)|Added the following new policy: AllowFindMyFiles.|
-|[Policy CSP - ServiceControlManager](policy-csp-servicecontrolmanager.md)|Added the following new policy: SvchostProcessMitigation.|
-|[Policy CSP - System](policy-csp-system.md)|Added the following new policies: AllowCommercialDataPipeline, TurnOffFileHistory.|
-|[Policy CSP - Troubleshooting](policy-csp-troubleshooting.md)|Added the following new policy: AllowRecommendations.|
-|[Policy CSP - Update](policy-csp-update.md)|Added the following new policies: AutomaticMaintenanceWakeUp, ConfigureDeadlineForFeatureUpdates, ConfigureDeadlineForQualityUpdates, ConfigureDeadlineGracePeriod, ConfigureDeadlineNoAutoReboot.|
-|[Policy CSP - WindowsLogon](policy-csp-windowslogon.md)|Added the following new policies: AllowAutomaticRestartSignOn, ConfigAutomaticRestartSignOn, EnableFirstLogonAnimation.
Removed the following policy: SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart. This policy is replaced by AllowAutomaticRestartSignOn.|
-
-## April 2019
-
-| New or updated article | Description |
-|-------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) | Added the following warning at the end of the Overview section: Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it doesn't. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. |
-| [Policy CSP - UserRights](policy-csp-userrights.md) | Added a note stating if you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag () to wrap the data fields. |
-
-## March 2019
-
-|New or updated article | Description|
-|--- | ---|
-|[Policy CSP - Storage](policy-csp-storage.md)|Updated ADMX Info of the following policies: AllowStorageSenseGlobal, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseCloudContentDehydrationThreshold, ConfigStorageSenseDownloadsCleanupThreshold, ConfigStorageSenseGlobalCadence, ConfigStorageSenseRecycleBinCleanupThreshold.
Updated description of ConfigStorageSenseDownloadsCleanupThreshold.|
-
-## February 2019
-
-|New or updated article | Description|
-|--- | ---|
-|[Policy CSP](policy-configuration-service-provider.md)|Updated supported policies for Holographic.|
-
-## January 2019
-
-|New or updated article | Description|
-|--- | ---|
-|[Policy CSP - Storage](policy-csp-storage.md)|Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.|
-|[SharedPC CSP](sharedpc-csp.md)|Updated values and supported operations.|
-|[Mobile device management](index.yml)|Updated information about MDM Security Baseline.|
-
-## December 2018
-
-|New or updated article | Description|
-|--- | ---|
-|[BitLocker CSP](bitlocker-csp.md)|Updated AllowWarningForOtherDiskEncryption policy description to describe silent and non-silent encryption scenarios, as well as where and how the recovery key is backed up for each scenario.|
-
-## September 2018
-
-|New or updated article | Description|
-|--- | ---|
-|[Policy CSP - DeviceGuard](policy-csp-deviceguard.md) | Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.|
-
-## August 2018
-
-|New or updated article|Description|
-|--- |--- |
-|[BitLocker CSP](bitlocker-csp.md)|Added support for Windows 10 Pro starting in the version 1809.|
-|[Office CSP](office-csp.md)|Added FinalStatus setting in Windows 10, version 1809.|
-|[RemoteWipe CSP](remotewipe-csp.md)|Added new settings in Windows 10, version 1809.|
-|[TenantLockdown CSP](tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.|
-|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.|
-|[Policy DDF file](policy-ddf-file.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.|
-|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
Start/DisableContextMenus - added in Windows 10, version 1803.
RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.|
-
-## July 2018
-
-|New or updated article|Description|
-|--- |--- |
-|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following note:
You can only assign one single app kiosk profile to an individual user account on a device. The single app profile doesn't support domain groups.|
-|[PassportForWork CSP](passportforwork-csp.md)|Added new settings in Windows 10, version 1809.|
-|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added NonRemovable setting under AppManagement node in Windows 10, version 1809.|
-|[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)|Added new configuration service provider in Windows 10, version 1809.|
-|[WindowsLicensing CSP](windowslicensing-csp.md)|Added S mode settings and SyncML examples in Windows 10, version 1809.|
-|[SUPL CSP](supl-csp.md)|Added three new certificate nodes in Windows 10, version 1809.|
-|[Defender CSP](defender-csp.md)|Added a new node Health/ProductStatus in Windows 10, version 1809.|
-|[BitLocker CSP](bitlocker-csp.md)|Added a new node AllowStandardUserEncryption in Windows 10, version 1809.|
-|[DevDetail CSP](devdetail-csp.md)|Added a new node SMBIOSSerialNumber in Windows 10, version 1809.|
-|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
DataUsage/SetCost3G - deprecated in Windows 10, version 1809.|
-
-## June 2018
-
-|New or updated article|Description|
-|--- |--- |
-|[Wifi CSP](wifi-csp.md)|Added a new node WifiCost in Windows 10, version 1809.|
-|[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)|Recent changes:
Added procedure for collecting logs remotely from Windows 10 Holographic.
Added procedure for downloading the MDM Diagnostic Information log.|
-|[BitLocker CSP](bitlocker-csp.md)|Added new node AllowStandardUserEncryption in Windows 10, version 1809.|
-|[Policy CSP](policy-configuration-service-provider.md)|Recent changes:
AccountPoliciesAccountLockoutPolicy
AccountLockoutDuration - removed from docs. Not supported.
AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
System/AllowFontProviders isn't supported in HoloLens (first gen) Commercial Suite.
Security/RequireDeviceEncryption is supported in the Home SKU.
Start/StartLayout - added a table of SKU support information.
Start/ImportEdgeAssets - added a table of SKU support information.
Added the following new policies in Windows 10, version 1809:
Update/SetDisableUXWUAccess|
-|[WiredNetwork CSP](wirednetwork-csp.md)|New CSP added in Windows 10, version 1809.|
-
-## May 2018
-
-|New or updated article|Description|
-|--- |--- |
-|[Policy DDF file](policy-ddf-file.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.
[Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
[Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)|
-
-## April 2018
-
-|New or updated article|Description|
-|--- |--- |
-|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:
Settings/AllowVirtualGPU
Settings/SaveFilesToHost|
-|[NetworkProxy CSP](networkproxy-csp.md)|Added the following node in Windows 10, version 1803:
ProxySettingsPerUser|
-|[Accounts CSP](accounts-csp.md)|Added a new CSP in Windows 10, version 1803.|
-|[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)|Added the DDF download of Windows 10, version 1803 configuration service providers.|
-|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers|
-
-## March 2018
-
-|New or updated article|Description|
-|--- |--- |
-|[eUICCs CSP](euiccs-csp.md)|Added the following node in Windows 10, version 1803:
IsEnabled|
-|[DeviceStatus CSP](devicestatus-csp.md)|Added the following node in Windows 10, version 1803:
OS/Mode|
-|[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)|Added the following videos:
[How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)
[How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)|
-|[AccountManagement CSP](accountmanagement-csp.md)|Added a new CSP in Windows 10, version 1803.|
-|[RootCATrustedCertificates CSP](rootcacertificates-csp.md)|Added the following node in Windows 10, version 1803:
UntrustedCertificates|
-|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
Browser/AllowCookies - updated the supported values. There are three values - 0, 1, 2.
InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.
Added a new section:
[[Policies in Policy CSP supported by Group Policy](/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.|
-|[Policy CSP - Bluetooth](policy-csp-bluetooth.md)|Added new section [ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide).|
-|[MultiSIM CSP](multisim-csp.md)|Added SyncML examples and updated the settings descriptions.|
-|[RemoteWipe CSP](remotewipe-csp.md)|Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.|
-
-## February 2018
-
-|New or updated article|Description|
-|--- |--- |
-|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
TextInput/TouchKeyboardWideModeAvailability|
-|[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)|Updated the XSD and Plug-in profile example for VPNv2 CSP.|
-|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:
Status
ShellLauncher
StatusConfiguration
Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (first gen) Commercial Suite. Added example for HoloLens (first gen) Commercial Suite.|
-|[MultiSIM CSP](multisim-csp.md)|Added a new CSP in Windows 10, version 1803.|
-|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following node in Windows 10, version 1803:
MaintainProcessorArchitectureOnUpdate|
-
-## January 2018
-
-|New or updated article|Description|
-|--- |--- |
-|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
Added the following policies in Windows 10, version 1709
DeviceLock/MinimumPasswordAge
Settings/AllowOnlineTips
System/DisableEnterpriseAuthProxy
Security/RequireDeviceEncryption - updated to show it's supported in desktop.|
-|[BitLocker CSP](bitlocker-csp.md)|Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.|
-|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.|
-|[DMClient CSP](dmclient-csp.md)|Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
AADSendDeviceToken
BlockInStatusPage
AllowCollectLogsButton
CustomErrorText
SkipDeviceStatusPage
SkipUserStatusPage|
-|[Defender CSP](defender-csp.md)|Added new node (OfflineScan) in Windows 10, version 1803.|
-|[UEFI CSP](uefi-csp.md)|Added a new CSP in Windows 10, version 1803.|
-|[Update CSP](update-csp.md)|Added the following nodes in Windows 10, version 1803:
Rollback
Rollback/FeatureUpdate
Rollback/QualityUpdateStatus
Rollback/FeatureUpdateStatus|
-
-## December 2017
-
-|New or updated article|Description|
-|--- |--- |
-|[Configuration service provider reference](configuration-service-provider-reference.md)|Added new section [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)|
-
-## November 2017
-
-|New or updated article|Description|
-|--- |--- |
-|[Policy CSP](policy-configuration-service-provider.md)|Added the following policies for Windows 10, version 1709:
Search/AllowWindowsIndexer|
-
-## October 2017
-
-| New or updated article | Description |
-| --- | --- |
-| [Policy DDF file](policy-ddf-file.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. |
-| [Policy CSP](policy-configuration-service-provider.md) | Updated the following policies:
- Defender/ControlledFolderAccessAllowedApplications - string separator is `|` - Defender/ControlledFolderAccessProtectedFolders - string separator is `|` |
-| [eUICCs CSP](euiccs-csp.md) | Added new CSP in Windows 10, version 1709. |
-| [AssignedAccess CSP](assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. |
-| [DMClient CSP](dmclient-csp.md) | Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. |
-
-## September 2017
-
-|New or updated article|Description|
-|--- |--- |
-|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.|
-|[AssignedAccess CSP](assignedaccess-csp.md)|Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.|
-|Microsoft Store for Business and Microsoft Store|Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.|
-|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
DomainName - fully qualified domain name if the device is domain-joined.
For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.|
-|[EnterpriseAPN CSP](enterpriseapn-csp.md)|Added a SyncML example.|
-|[VPNv2 CSP](vpnv2-csp.md)|Added RegisterDNS setting in Windows 10, version 1709.|
-|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Added new topic to introduce a new Group Policy for automatic MDM enrollment.|
-|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:
User sees installation progress of critical policies during MDM enrollment.
User knows what policies, profiles, apps MDM has configured
IT helpdesk can get detailed MDM diagnostic information using client tools
For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)|
-
-## August 2017
-
-|New or updated article|Description|
-|--- |--- |
-|[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)|Added new step-by-step guide to enable ADMX-backed policies.|
-|[Mobile device enrollment](mobile-device-enrollment.md)|Added the following statement:
Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.|
-|[CM_CellularEntries CSP](cm-cellularentries-csp.md)|Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.|
-|[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)|Updated the Settings/EDPEnforcementLevel values to the following values:
0 (default) – Off / No protection (decrypts previously protected data).
1 – Silent mode (encrypt and audit only).
2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
3 – Hides overrides (encrypt, prompt but hide overrides, and audit).|
-|[AppLocker CSP](applocker-csp.md)|Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in [Allowlist examples](applocker-csp.md#allow-list-examples).|
-|[DeviceManageability CSP](devicemanageability-csp.md)|Added the following settings in Windows 10, version 1709:
Provider/ProviderID/ConfigInfo
Provider/ProviderID/EnrollmentInfo|
-|[Office CSP](office-csp.md)|Added the following setting in Windows 10, version 1709:
Installation/CurrentStatus|
-|[BitLocker CSP](bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to four digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.|
-|[Firewall CSP](firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:
Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
Changed some data types from integer to bool.
Updated the list of supported operations for some settings.
Added default values.|
-|[Policy DDF file](policy-ddf-file.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:
Browser/AllowMicrosoftCompatibilityList
Update/DisableDualScan
Update/FillEmptyContentUrls|
-|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.
Changed the names of the following policies:
Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess
Added links to the extra [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).
There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:
An integer specifying a CleanPC operation without any retention of user data.
The only supported operation is Execute.
-**CleanPCRetainingUserData**
-
An integer specifying a CleanPC operation with retention of user data.
+**CleanPCRetainingUserData**
+
An integer specifying a CleanPC operation with retention of user data.
The only supported operation is Execute.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md
index 9677737584..b9905656b8 100644
--- a/windows/client-management/mdm/cleanpc-ddf.md
+++ b/windows/client-management/mdm/cleanpc-ddf.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **CleanPC** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
@@ -50,7 +50,7 @@ The XML below is the current version for this CSP.
CleanPCWithoutRetainingUserData
-
+ CleanPC operation without any retention of User data.
@@ -62,7 +62,7 @@ The XML below is the current version for this CSP.
-
+
text/plain
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index faff015660..c1574476c9 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 07/30/2021
---
@@ -77,18 +77,18 @@ ClientCertificateInstall
------------RespondentServerUrl
```
-**Device or User**
+**Device or User**
For device certificates, use ./Device/Vendor/MSFT path and for user certificates use ./User/Vendor/MSFT path.
-**ClientCertificateInstall**
+**ClientCertificateInstall**
The root node for the ClientCertificateInstaller configuration service provider.
-**ClientCertificateInstall/PFXCertInstall**
+**ClientCertificateInstall/PFXCertInstall**
Required for PFX certificate installation. The parent node grouping the PFX certificate related settings.
Supported operation is Get.
-**ClientCertificateInstall/PFXCertInstall/***UniqueID*
+**ClientCertificateInstall/PFXCertInstall/***UniqueID*
Required for PFX certificate installation. A unique ID to differentiate different certificate install requests.
The data type format is node.
@@ -97,12 +97,12 @@ Supported operations are Get, Add, and Replace.
Calling Delete on this node should delete the certificates and the keys that were installed by the corresponding PFX blob.
-**ClientCertificateInstall/PFXCertInstall/*UniqueID*/KeyLocation**
+**ClientCertificateInstall/PFXCertInstall/*UniqueID*/KeyLocation**
Required for PFX certificate installation. Indicates the KeyStorage provider to target the private key installation to.
Supported operations are Get, Add, and Replace.
-The data type is an integer corresponding to one of the following values:
+The data type is an integer corresponding to one of the following values:
| Value | Description |
|-------|---------------------------------------------------------------------------------------------------------------|
@@ -111,14 +111,14 @@ The data type is an integer corresponding to one of the following values:
| 3 | Install to software. |
| 4 | Install to Windows Hello for Business (formerly known as Microsoft Passport for Work) whose name is specified. |
-**ClientCertificateInstall/PFXCertInstall/*UniqueID*/ContainerName**
+**ClientCertificateInstall/PFXCertInstall/*UniqueID*/ContainerName**
Optional. Specifies the Windows Hello for Business (formerly known as Microsoft Passport for Work) container name (if Windows Hello for Business storage provider (KSP) is chosen for the KeyLocation). If this node isn't specified when Windows Hello for Business KSP is chosen, enrollment will fail.
Date type is string.
Supported operations are Get, Add, Delete, and Replace.
-**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertBlob**
+**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertBlob**
CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. The Add operation triggers the addition to the PFX certificate. This Add operation requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, KeyExportable) are present before the Add operation is called. This trigger for addition also sets the Status node to the current Status of the operation.
The data type format is binary.
@@ -131,14 +131,14 @@ If Add is called on this node for a new PFX, the certificate will be added. When
In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT_DATA_BLOB, which can be found in [CRYPT\_INTEGER\_BLOB](/previous-versions/windows/desktop/legacy/aa381414(v=vs.85)).
-**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPassword**
+**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPassword**
Password that protects the PFX blob. This is required if the PFX is password protected.
Data Type is a string.
Supported operations are Get, Add, and Replace.
-**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionType**
+**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionType**
Optional. Used to specify whether the PFX certificate password is encrypted with the MDM certificate by the MDM server.
The data type is int. Valid values:
@@ -151,7 +151,7 @@ When PFXCertPasswordEncryptionType =2, you must specify the store name in PFXCer
Supported operations are Get, Add, and Replace.
-**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXKeyExportable**
+**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXKeyExportable**
Optional. Used to specify if the private key installed is exportable (and can be exported later). The PFX isn't exportable when it's installed to TPM.
> [!Note]
@@ -161,37 +161,37 @@ The data type bool.
Supported operations are Get, Add, and Replace.
-**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Thumbprint**
+**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Thumbprint**
Returns the thumbprint of the installed PFX certificate.
The datatype is a string.
Supported operation is Get.
-**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Status**
+**ClientCertificateInstall/PFXCertInstall/*UniqueID*/Status**
Required. Returns the error code of the PFX installation from the GetLastError command called after the PfxImportCertStore.
Data type is an integer.
Supported operation is Get.
-**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionStore**
+**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionStore**
Added in Windows 10, version 1511. When PFXCertPasswordEncryptionType = 2, it specifies the store name of the certificate used for decrypting the PFXCertPassword.
Data type is string.
Supported operations are Add, Get, and Replace.
-**ClientCertificateInstall/SCEP**
+**ClientCertificateInstall/SCEP**
Node for SCEP.
> [!Note]
> An alert is sent after the SCEP certificate is installed.
-**ClientCertificateInstall/SCEP/***UniqueID*
+**ClientCertificateInstall/SCEP/***UniqueID*
A unique ID to differentiate different certificate installation requests.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install**
A node required for SCEP certificate enrollment. Parent node to group SCEP cert installation related requests.
Supported operations are Get, Add, Replace, and Delete.
@@ -199,29 +199,29 @@ Supported operations are Get, Add, Replace, and Delete.
> [!Note]
> Although the child nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values that are set when the Exec command is accepted. The server should not expect the node value change after Exec command is accepted, as it will impact the current enrollment underway. The server should check the Status node value and ensure the device isn't at an unknown state before changing child node values.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/ServerURL**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/ServerURL**
Required for SCEP certificate enrollment. Specifies the certificate enrollment server. Multiple server URLs can be listed, separated by semicolons.
Data type is string.
Supported operations are Get, Add, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/Challenge**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/Challenge**
Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. Challenge is deleted shortly after the Exec command is accepted.
Data type is string.
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/EKUMapping**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/EKUMapping**
Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs is separated by a plus +. For example, OID1+OID2+OID3.
Data type is string.
Supported operations are Get, Add, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectName**
-Required. Specifies the subject name.
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectName**
+Required. Specifies the subject name.
The SubjectName value is quoted if it contains leading or trailing white space or one of the following characters: (“,” “=” “+” “;”).
@@ -231,13 +231,13 @@ Data type is string.
Supported operations are Add, Get, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyProtection**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyProtection**
Optional. Specifies where to keep the private key.
> [!Note]
> Even if the private key is protected by TPM, it isn't protected with a TPM PIN.
-The data type is an integer corresponding to one of the following values:
+The data type is an integer corresponding to one of the following values:
| Value | Description |
|---|---|
@@ -248,14 +248,14 @@ The data type is an integer corresponding to one of the following values:
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyUsage**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyUsage**
Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have second (0x20) or forth (0x80) or both bits set. If the value doesn’t have those bits set, configuration will fail.
Data type is int.
-Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryDelay**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryDelay**
Optional. When the SCEP server sends a pending status, this value specifies the device retry waiting time in minutes.
Data type format is an integer.
@@ -266,7 +266,7 @@ The minimum value is 1.
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryCount**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryCount**
Optional. Unique to SCEP. Specifies the device retry times when the SCEP server sends a pending status.
Data type is integer.
@@ -279,7 +279,7 @@ Minimum value is 0, which indicates no retry.
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/TemplateName**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/TemplateName**
Optional. OID of certificate template name.
> [!Note]
@@ -289,7 +289,7 @@ Data type is string.
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyLength**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyLength**
Required for enrollment. Specify private key length (RSA).
Data type is integer.
@@ -300,7 +300,7 @@ For Windows Hello for Business (formerly known as Microsoft Passport for Work) ,
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/HashAlgorithm**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/HashAlgorithm**
Required. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated with +.
For Windows Hello for Business, only SHA256 is the supported algorithm.
@@ -309,14 +309,14 @@ Data type is string.
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/CAThumbprint**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/CAThumbprint**
Required. Specifies Root CA thumbprint. This thumbprint is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates the SCEP server, it checks the CA certificate from the SCEP server to verify a match with this certificate. If it isn't a match, the authentication will fail.
Data type is string.
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectAlternativeNames**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectAlternativeNames**
Optional. Specifies subject alternative names (SAN). Multiple alternative names can be specified by this node. Each name is the combination of name format+actual name. For more information, see the name type definitions in MSDN.
Each pair is separated by semicolon. For example, multiple SANs are presented in the format of [name format1]+[actual name1];[name format 2]+[actual name2].
@@ -325,7 +325,7 @@ Data type is string.
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriod**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriod**
Optional. Specifies the units for the valid certificate period.
Data type is string.
@@ -341,8 +341,8 @@ Valid values are:
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriodUnits**
-Optional. Specifies the desired number of units used in the validity period. This number is subject to SCEP server configuration. Default value is 0. The unit type (days, months, or years) is defined in the ValidPeriod node.
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriodUnits**
+Optional. Specifies the desired number of units used in the validity period. This number is subject to SCEP server configuration. Default value is 0. The unit type (days, months, or years) is defined in the ValidPeriod node.
> [!Note]
> The valid period specified by MDM will overwrite the valid period specified in the certificate template. For example, if ValidPeriod is Days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.
@@ -354,35 +354,35 @@ Data type is string.
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/ContainerName**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/ContainerName**
Optional. Specifies the Windows Hello for Business container name (if Windows Hello for Business KSP is chosen for the node). If this node isn't specified when Windows Hello for Business KSP is chosen, the enrollment will fail.
Data type is string.
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/CustomTextToShowInPrompt**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/CustomTextToShowInPrompt**
Optional. Specifies the custom text to show on the Windows Hello for Business PIN prompt during certificate enrollment. The admin can choose to provide more contextual information in this field for why the user needs to enter the PIN and what the certificate will be used for.
Data type is string.
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/Enroll**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/Enroll**
Required. Triggers the device to start the certificate enrollment. The device won't notify MDM server after certificate enrollment is done. The MDM server could later query the device to find out whether new certificate is added.
The date type format is Null, meaning this node doesn’t contain a value.
The only supported operation is Execute.
-**ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList**
+**ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList**
Optional. Specify the Azure Active Directory Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.
Data type is string.
Supported operations are Add, Get, Delete, and Replace.
-**ClientCertificateInstall/SCEP/*UniqueID*/CertThumbprint**
+**ClientCertificateInstall/SCEP/*UniqueID*/CertThumbprint**
Optional. Specifies the current certificate’s thumbprint if certificate enrollment succeeds. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value.
If the certificate on the device becomes invalid (Cert expired, Cert chain isn't valid, private key deleted) then it will return an empty string.
@@ -391,7 +391,7 @@ Data type is string.
The only supported operation is Get.
-**ClientCertificateInstall/SCEP/*UniqueID*/Status**
+**ClientCertificateInstall/SCEP/*UniqueID*/Status**
Required. Specifies latest status of the certificated during the enrollment request.
Data type is string. Valid values:
@@ -405,7 +405,7 @@ The only supported operation is Get.
| 16 | Action failed |
| 32 | Unknown |
-**ClientCertificateInstall/SCEP/*UniqueID*/ErrorCode**
+**ClientCertificateInstall/SCEP/*UniqueID*/ErrorCode**
Optional. An integer value that indicates the HRESULT of the last enrollment error code.
The only supported operation is Get.
@@ -714,4 +714,4 @@ Add a PFX certificate. The PFX certificate password is encrypted with a custom c
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
index 716eff3eef..8d8a117d95 100644
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **ClientCertificateInstall** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
@@ -78,9 +78,9 @@ The XML below is the current version for this CSP.
- Required for PFX certificate installation. A unique ID to differentiate different certificate install requests.
-Format is node.
-Supported operations are Get, Add, Delete
+ Required for PFX certificate installation. A unique ID to differentiate different certificate install requests.
+Format is node.
+Supported operations are Get, Add, Delete
Calling Delete on the this node, should delete the certificates and the keys that were installed by the corresponding PFX blob.
@@ -134,7 +134,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha
- Optional.
+ Optional.
Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail.
Format is chr.
Supported operations are Get, Add, Delete and Replace.
@@ -161,7 +161,7 @@ Supported operations are Get, Add, Delete and Replace.
- Required.
+ Required.
CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. Add on this node will trigger the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, fKeyExportable) are present before this is called. This will also set the Status node to the current Status of the operation.
Format is Binary64.
Supported operations are Get, Add, Replace.
@@ -194,7 +194,7 @@ CRYPT_DATA_BLOB on MSDN can be found at https://msdn.microsoft.com/library/windo
Required if PFX is password protected.
-Password that protects the PFX blob.
+Password that protects the PFX blob.
Format is chr. Supported operations are Add, Get.
@@ -221,7 +221,7 @@ Format is chr. Supported operations are Add, Get.
0Optional. Used to specify if the PFX certificate password is encrypted with a certificate.
-If the value is
+If the value is
0 - Password is not encrypted
1- Password is encrypted using the MDM certificate by the MDM server
2 - Password is encrypted by a Custom Certificate by the MDM server. When this value is used here, also specify the custom store name in the PFXCertPasswordEncryptionStore node.
@@ -271,7 +271,7 @@ Supported operations are Add, Get.
Thumbprint
-
+ Returns the thumbprint of the PFX certificate installed. Format is string.Supported operations are Get.
@@ -321,8 +321,8 @@ Support operations are Get.
- Optional.
-When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the store name where the certificate for decrypting the PFXCertPassword is stored.
+ Optional.
+When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the store name where the certificate for decrypting the PFXCertPassword is stored.
Datatype is string,
Support operation are Add, Get and Replace.
@@ -370,8 +370,8 @@ Support operation are Add, Get and Replace.
- Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests.
-Format is node.
+ Required for SCEP certificate installation. A unique ID to differentiate different certificate install requests.
+Format is node.
Supported operations are Get, Add, Delete.
Calling Delete on the this node, should delete the corresponding SCEP certificate
@@ -422,8 +422,8 @@ NOTE: Though the children nodes under Install support Replace commands, once the
- Required for SCEP certificate enrollment. Specify the cert enrollment server. The server could specify multiple server URLs separated by semicolon.
-Format is string.
+ Required for SCEP certificate enrollment. Specify the cert enrollment server. The server could specify multiple server URLs separated by semicolon.
+Format is string.
Supported operations are Get, Add, Delete, Replace.
@@ -474,7 +474,7 @@ Supported operations are Get, Add, Delete, Replace.Required. Specify extended key usages. Subjected to SCEP server configuration. The list of OIDs are separated by plus “+”. Sample format: OID1+OID2+OID3.
-Format is chr.
+Format is chr.
Supported operations are Get, Add, Delete, Replace.
@@ -502,7 +502,7 @@ Supported operations are Get, Add, Delete, Replace.Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have second (0x20) or forth (0x80) or both bits set. If the value doesn’t have those bits set, configuration will fail.
-Format is int.
+Format is int.
Supported operations are Get, Add, Delete, Replace.
@@ -553,20 +553,20 @@ Supported operations are Get, Add, Delete, Replace.3
- Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN.
+ Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN.
-SCEP enrolled cert doesn’t support TPM PIN protection. Supported values:
+SCEP enrolled cert doesn’t support TPM PIN protection. Supported values:
-1 – private key protected by TPM,
+1 – private key protected by TPM,
-2 – private key protected by phone TPM if the device supports TPM.
+2 – private key protected by phone TPM if the device supports TPM.
-3 (default) – private key saved in software KSP
+3 (default) – private key saved in software KSP
4 – private key protected by NGC. If this option is specified, container name should be specified, if not enrollment will fail.
-Format is int.
+Format is int.
Supported operations are Get, Add, Delete, Replace.
@@ -595,12 +595,12 @@ Supported operations are Get, Add, Delete, Replace.
5
- Optional. When the SCEP server sends pending status, specify device retry waiting time in minutes.
+ Optional. When the SCEP server sends pending status, specify device retry waiting time in minutes.
Default value is: 5
-The min value is 1.
+The min value is 1.
-Format is int.
+Format is int.
Supported operations are Get, Add, Delete noreplace.
@@ -676,7 +676,7 @@ The min value is 0 which means no retry. Supported operations are Get, Add, Dele
- Required for enrollment. Specify private key length (RSA). Format is int.
+ Required for enrollment. Specify private key length (RSA). Format is int.
Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength.
@@ -704,11 +704,11 @@ Supported operations are Get, Add, Delete, Replace.
- Required for enrollment. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated via +.
+ Required for enrollment. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated via +.
For NGC, only SHA256 is supported as the supported algorithm
-Format is chr.
+Format is chr.
Supported operations are Get, Add, Delete, Replace.
@@ -733,8 +733,8 @@ Supported operations are Get, Add, Delete, Replace.
- Required. Specify root CA thumbprint. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates SCEP server, it checks CA cert from SCEP server whether match with this cert. If not match, fail the authentication.
-Format is chr.
+ Required. Specify root CA thumbprint. It is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates SCEP server, it checks CA cert from SCEP server whether match with this cert. If not match, fail the authentication.
+Format is chr.
Supported operations are Get, Add, Delete, Replace.
@@ -759,9 +759,9 @@ Supported operations are Get, Add, Delete, Replace.
- Optional. Specify subject alternative name. Multiple alternative names could be specified by this node. Each name is the combination of name format+actual name. Refer name type definition in MSDN. Each pair is separated by semicolon. E.g. multiple SAN are presented in the format of [nameformat1]+[actual name1];[name format 2]+[actual name2].
+ Optional. Specify subject alternative name. Multiple alternative names could be specified by this node. Each name is the combination of name format+actual name. Refer name type definition in MSDN. Each pair is separated by semicolon. E.g. multiple SAN are presented in the format of [nameformat1]+[actual name1];[name format 2]+[actual name2].
-Format is chr.
+Format is chr.
Supported operations are Get, Add, Delete, Replace.
@@ -788,8 +788,8 @@ Supported operations are Get, Add, Delete, Replace.Days
- Optional. Specify the units for valid period. Valid values are: Days(Default), Months, Years.
-Format is chr.
+ Optional. Specify the units for valid period. Valid values are: Days(Default), Months, Years.
+Format is chr.
Supported operations are Get, Add, Delete, Replace.
NOTE: The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio) the SCEP server as part of certificate enrollment request. It is the server’s decision on how to use this valid period to create the certificate.
@@ -817,9 +817,9 @@ NOTE: The device only sends the MDM server expected certificate validation perio
0
- Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note that the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.
+ Optional. Specify desired number of units used in validity period. Subjected to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. Note that the valid period specified by MDM will overwrite the valid period specified in cert template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.
-Format is int.
+Format is int.
Supported operations are Get, Add, Delete, Replace.
@@ -847,7 +847,7 @@ NOTE: The device only sends the MDM server expected certificate validation perio
- Optional.
+ Optional.
Specifies the NGC container name (if NGC KSP is chosen for above node). If this node is not specified when NGC KSP is chosen, enrollment will fail.
Format is chr.
@@ -901,9 +901,9 @@ Supported operations are Get, Add, Delete and Replace.
- Required. Trigger the device to start the cert enrollment. The device will not notify MDM server after cert enrollment is done. The MDM server could later query the device to find out whether new cert is added.
+ Required. Trigger the device to start the cert enrollment. The device will not notify MDM server after cert enrollment is done. The MDM server could later query the device to find out whether new cert is added.
-Format is null, e.g. this node doesn’t contain a value.
+Format is null, e.g. this node doesn’t contain a value.
Supported operation is Exec.
@@ -974,9 +974,9 @@ Supported operation is Exec.Required. Specify the latest status for the certificate due to enroll request.
-Format is chr.
+Format is chr.
-Supported operation is Get.
+Supported operation is Get.
Valid values are:
1 – finished successfully
@@ -1003,7 +1003,7 @@ Valid values are:
- Optional. The integer value that indicates the HRESULT of the last enrollment error code.
+ Optional. The integer value that indicates the HRESULT of the last enrollment error code.
Supported operation is Get.
diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md
index 910c3b6c31..dec02671ea 100644
--- a/windows/client-management/mdm/cm-cellularentries-csp.md
+++ b/windows/client-management/mdm/cm-cellularentries-csp.md
@@ -1,7 +1,7 @@
---
title: CM\_CellularEntries CSP
description: Learn how to configure the General Packet Radio Service (GPRS) entries using the CM\_CellularEntries CSP.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -58,12 +58,12 @@ CM_CellularEntries
--------PurposeGroups
```
-***entryname***
+***entryname***
Defines the name of the connection.
The [CMPolicy configuration service provider](cmpolicy-csp.md) uses the value of *entryname* to identify the connection that is associated with a policy and [CM\_ProxyEntries configuration service provider](cm-proxyentries-csp.md) uses the value of *entryname* to identify the connection that is associated with a proxy.
-**AlwaysOn**
+**AlwaysOn**
Type: Int. Specifies if the Connection Manager will automatically attempt to connect to the APN when a connection is available.
A value of "0" specifies that AlwaysOn isn't supported, and the Connection Manager will only attempt to connect to the APN when an application requests the connection. This setting is recommended for applications that use a connection occasionally. For example, an APN that only controls MMS.
@@ -72,12 +72,12 @@ A value of "1" specifies that AlwaysOn is supported, and the Connection Manager
There must be at least one AlwaysOn Internet connection provisioned for the mobile operator.
-**AuthType**
+**AuthType**
Optional. Type: String. Specifies the method of authentication used for a connection.
A value of "CHAP" specifies the Challenge Handshake Application Protocol. A value of "PAP" specifies the Password Authentication Protocol. A value of "None" specifies that the UserName and Password parameters are ignored. The default value is "None".
-**ConnectionType**
+**ConnectionType**
Optional. Type: String. Specifies the type of connection used for the APN. The following connection types are available:
|Connection type|Usage|
@@ -89,48 +89,48 @@ Optional. Type: String. Specifies the type of connection used for the APN. The f
|Lte_iwlan|Used for GPRS type connections that may be offloaded over WiFi.|
|Iwlan|Used for connections that are implemented over WiFi offload only.|
-**Desc.langid**
+**Desc.langid**
Optional. Specifies the UI display string used by the defined language ID.
A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as `Desc.0409` with a value of `"GPRS Connection"` will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no **Desc** parameter is provisioned for a given language, the system will default to the name used to create the entry.
-**Enabled**
+**Enabled**
Specifies if the connection is enabled.
A value of "0" specifies that the connection is disabled. A value of "1" specifies that the connection is enabled.
-**IpHeaderCompression**
+**IpHeaderCompression**
Optional. Specifies if IP header compression is enabled.
A value of "0" specifies that IP header compression for the connection is disabled. A value of "1" specifies that IP header compression for the connection is enabled.
-**Password**
+**Password**
Required if AuthType is set to a value other than "None". Specifies the password used to connect to the APN.
-**SwCompression**
+**SwCompression**
Optional. Specifies if software compression is enabled.
A value of "0" specifies that software compression for the connection is disabled. A value of "1" specifies that software compression for the connection is enabled.
-**UserName**
+**UserName**
Required if AuthType is set to a value other than "None". Specifies the user name used to connect to the APN.
-**UseRequiresMappingsPolicy**
+**UseRequiresMappingsPolicy**
Optional. Specifies if the connection requires a corresponding mappings policy.
A value of "0" specifies that the connection can be used for any general Internet communications. A value of "1" specifies that the connection is only used if a mapping policy is present.
For example, if the multimedia messaging service (MMS) APN shouldn't have any other traffic except MMS, you can configure a mapping policy that sends MMS traffic to this connection. Then, you set the value of UseRequiresMappingsPolicy to be equal to "1" and Connection Manager will only use the connection for MMS traffic. Without this, Connection Manager will try to use the connection for any general purpose internet traffic.
-**Version**
+**Version**
Type: Int. Specifies the XML version number and is used to verify that the XML is supported by Connection Manager's configuration service provider.
This value must be "1" if included.
-**GPRSInfoAccessPointName**
+**GPRSInfoAccessPointName**
Specifies the logical name to select the GPRS gateway. For more information about allowable values, see GSM specification 07.07 "10.1.1 Define PDP Context +CGDCONT".
-**Roaming**
+**Roaming**
Optional. Type: Int. This parameter specifies the roaming conditions under which the connection should be activated. The following conditions are available:
- 0 - Home network only.
@@ -140,22 +140,22 @@ Optional. Type: Int. This parameter specifies the roaming conditions under which
- 4 - Non-domestic roaming only.
- 5 - Roaming only.
-**OEMConnectionID**
+**OEMConnectionID**
Optional. Type: GUID. Specifies a GUID that is used to identify a specific connection in the modem. If a value isn't specified, the default value is 00000000-0000-0000-0000-000000000000. This parameter is only used on LTE devices.
-**ApnId**
+**ApnId**
Optional. Type: Int. Specifies the purpose of the APN. If a value isn't specified, the default value is "0" (none). This parameter is only used on LTE devices.
-**IPType**
+**IPType**
Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value isn't specified, the default value is "IPv4".
> [!WARNING]
> Do not use IPv6 or IPv4v6xlat on a device or network that does not support IPv6. Data functionality will not work. In addition, the device will not be able to connect to a roaming network that does not support IPv6 unless you configure roaming connections with an IPType of IPv4v6.
-**ExemptFromDisablePolicy**
+**ExemptFromDisablePolicy**
Added back in Windows 10, version 1511. Optional. Type: Int. This value should only be specified for special purpose connections whose applications directly manage their disable state (such as MMS). A value of "0" specifies that the connection is subject to the disable policy used by general purpose connections (not exempt). A value of "1" specifies that the connection is exempt. If a value isn't specified, the default value is "0" (not exempt).
-To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". These settings indicate that the connection is a dedicated MMS connection and that it shouldn't be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF.
+To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". These settings indicate that the connection is a dedicated MMS connection and that it shouldn't be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF.
> [!Note]
> Sending MMS while roaming is still not allowed.
@@ -168,13 +168,13 @@ To avoid UX inconsistency with certain value combinations of ExemptFromDisablePo
- Hide the toggle for AllowMmsIfDataIsOff by setting AllowMmsIfDataIsOffEnabled to 0 (default is 1)
- Set AllowMMSIfDataIsOff to 1 (default is 0)
-**ExemptFromRoaming**
+**ExemptFromRoaming**
Added back in Windows 10, version 1511. Optional. Type: Int. This value should be specified only for special purpose connections whose applications directly manage their roaming state. It should never be used with general purpose connections. A value of "0" specifies that the connection is subject to the roaming policy (not exempt). A value of "1" specifies that the connection is exempt (unaffected by the roaming policy). If a value isn't specified, the default value is "0" (not exempt).
-**TetheringNAI**
+**TetheringNAI**
Optional. Type: Int. CDMA only. Specifies if the connection is a tethering connection. A value of "0" specifies that the connection is not a tethering connection. A value of "1" specifies that the connection is a tethering connection. If a value isn't specified, the default value is "0".
-**IdleDisconnectTimeout**
+**IdleDisconnectTimeout**
Optional. Type: Int. Specifies how long an on-demand connection can be unused before Connection Manager tears the connection down. This value is specified in seconds. Valid value range is 5 to 60 seconds. If not specified, the default is 30 seconds.
> [!IMPORTANT]
@@ -183,10 +183,10 @@ Optional. Type: Int. Specifies how long an on-demand connection can be unused be
> [!NOTE]
> If tear-down/activation requests occur too frequently, this value should be set to greater than 5 seconds.
-**SimIccId**
+**SimIccId**
For single SIM phones, this parm is Optional. However, it is highly recommended to include this value when creating future updates. For dual SIM phones, this parm is required. Type: String. Specifies the SIM ICCID that services the connection.
-**PurposeGroups**
+**PurposeGroups**
Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available:
- Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F
@@ -194,8 +194,8 @@ Required. Type: String. Specifies the purposes of the connection by a comma-sepa
- MMS - 53E2C5D3-D13C-4068-AA38-9C48FF2E55A8
- IMS - 474D66ED-0E4B-476B-A455-19BB1239ED13
- SUPL - 6D42669F-52A9-408E-9493-1071DCC437BD
-- Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB
-- Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364
+- Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB
+- Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364
- Application - 52D7654A-00A8-4140-806C-087D66705306
- eSIM provisioning - A36E171F-2377-4965-88FE-1F53EB4B47C0
@@ -207,7 +207,7 @@ To delete a connection, you must first delete any associated proxies and then de
-
+
@@ -247,7 +247,7 @@ Configuring an LTE connection:
-
+
```
@@ -283,5 +283,5 @@ The following table shows the Microsoft custom elements that this configuration
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md
index 38d7d17625..26f88a1e32 100644
--- a/windows/client-management/mdm/cmpolicy-csp.md
+++ b/windows/client-management/mdm/cmpolicy-csp.md
@@ -1,7 +1,7 @@
---
title: CMPolicy CSP
description: Learn how the CMPolicy configuration service provider (CSP) is used to define rules that the Connection Manager uses to identify correct connections.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -51,10 +51,10 @@ CMPolicy
----------------Type
```
-***policyName***
+***policyName***
Defines the name of the policy.
-**SID**
+**SID**
The value of SID depends on the ClientType.
For Universal Windows Platform (UWP) app-based mapping policies, SID is the Package family name without curly brackets {}, not the application.
@@ -63,7 +63,7 @@ For non-UWP application-based mapping policies, SID is the application product I
For host-based mapping policies, SID must be set to `*`.
-**ClientType**
+**ClientType**
Specifies the mapping policy type.
The following list describes the available mapping policy types:
@@ -72,20 +72,20 @@ The following list describes the available mapping policy types:
- Host-based mapping policies are applied to all types of clients requesting connections to specified host(s). To specify this mapping type, use the value `*`.
-**Host**
+**Host**
Specifies the name of a host pattern. The host name is matched to the connection request to select the right policy to use.
The host pattern can have two wild cards, `*` and `+`. The host pattern isn't a URL pattern and there's no concept of transport or paths on the specific host. For example, the host pattern might be `*.host_name.com` to match any prefix to the `host_name.com` domains. The host pattern will match `www.host_name.com` and `mail.host_name.com`, but it won't match `host_name.com`.
-**OrderedConnections**
+**OrderedConnections**
Specifies whether the list of connections is in preference order.
A value of "0" specifies that the connections aren't listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
-**Conn***XXX*
+**Conn***XXX*
Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits, which increment starting from "000". For example, a policy, which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
-**ConnectionID**
+**ConnectionID**
Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter.
For `CMST_CONNECTION_NAME`, specify the connection name. For example, if you have a connection configured by using the CM\_CellularEntries configuration service provider, the connection name could be the name of the connection. If you have a NAP configured with the NAPID set to “GPRS1”, the connection name could be “GPRS1@WAP”.
@@ -129,7 +129,7 @@ For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type.
|Bluetooth|{1D793123-701A-4fd0-B6AE-9C3C57E99C2C}|
|Virtual|{EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}|
-**Type**
+**Type**
Specifies the type of connection being referenced. The following list describes the available connection types:
- `CMST_CONNECTION_NAME` – A connection specified by name.
@@ -166,20 +166,20 @@ Adding an application-based mapping policy. In this example, the ConnectionId fo
-
-
+
+
-
-
+
+
-
-
+
+
-
-
+
+
@@ -213,20 +213,20 @@ In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the
-
-
+
+
-
-
+
+
-
-
+
+
-
-
+
+
@@ -298,7 +298,7 @@ Adding an application-based mapping policy:
CMST_CONNECTION_DEVICE_TYPE
-
+
@@ -381,11 +381,11 @@ Adding a host-based mapping policy:
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
+[Configuration service provider reference](index.yml)
+
+
+
+
diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md
index 8515da3881..899a3779e8 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-csp.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md
@@ -1,7 +1,7 @@
---
title: CMPolicyEnterprise CSP
description: Learn how the CMPolicyEnterprise CSP is used to define rules that the Connection Manager uses to identify the correct connection for a connection request.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -53,10 +53,10 @@ CMPolicy
----------------ConnectionID
----------------Type
```
-***policyName***
+***policyName***
Defines the name of the policy.
-**SID**
+**SID**
The value of SID depends on the ClientType.
For Universal Windows Platform (UWP) app-based mapping policies, SID is the Package family name without curly brackets {}, not the application.
@@ -65,7 +65,7 @@ For non-UWP application-based mapping policies, SID is the application product I
For host-based mapping policies, SID must be set to `*`.
-**ClientType**
+**ClientType**
Specifies the mapping policy type.
The following list describes the available mapping policy types:
@@ -74,21 +74,21 @@ The following list describes the available mapping policy types:
- Host-based mapping policies are applied to all types of clients requesting connections to specified host(s). To specify this mapping type, use the value `*`.
-**Host**
+**Host**
Specifies the name of a host pattern. The host name is matched to the connection request to select the right policy to use.
The host pattern can have two wild cards, "\*" and "+". The host pattern isn't a URL pattern and there's no concept of transport or paths on the specific host. For example, the host pattern might be "\*.host\_name.com" to match any prefix to the host\_name.com domains. The host pattern will match "www.host\_name.com" and "mail.host\_name.com", but it will not match "host\_name.com".
-**OrderedConnections**
+**OrderedConnections**
Specifies whether the list of connections is in preference order.
A value of "0" specifies that the connections aren't listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
-**Conn***XXX*
+**Conn***XXX*
Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three-digits, which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
-**ConnectionID**
+**ConnectionID**
Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter.
For `CMST_CONNECTION_NAME`, specify the connection name. For example, if you have a connection configured by using the CM\_CellularEntries configuration service provider, the connection name could be the name of the connection. If you have a NAP configured with the NAPID set to “GPRS1”, the connection name could be “GPRS1@WAP”.
@@ -133,7 +133,7 @@ For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type.
|Bluetooth|{1D793123-701A-4fd0-B6AE-9C3C57E99C2C}|
|Virtual|{EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}|
-**Type**
+**Type**
Specifies the type of connection being referenced. The following list describes the available connection types:
- `CMST_CONNECTION_NAME` – A connection specified by name.
@@ -170,20 +170,20 @@ Adding an application-based mapping policy. In this example, the ConnectionId fo
-
-
+
+
-
-
+
+
-
-
+
+
-
-
+
+
@@ -215,20 +215,20 @@ Adding a host-based mapping policy. In this example, the ConnectionId for type C
-
-
+
+
-
-
+
+
-
-
+
+
-
-
+
+
@@ -300,7 +300,7 @@ Adding an application-based mapping policy:
CMST_CONNECTION_DEVICE_TYPE
-
+
@@ -383,11 +383,11 @@ Adding a host-based mapping policy:
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
+[Configuration service provider reference](index.yml)
+
+
+
+
diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
index 47fd1ec39d..0b07180698 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
@@ -1,7 +1,7 @@
---
title: CMPolicyEnterprise DDF file
description: Learn about the OMA DM device description framework (DDF) for the CMPolicyEnterprise configuration service provider.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **CMPolicyEnterprise** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/configuration-service-provider-ddf.md b/windows/client-management/mdm/configuration-service-provider-ddf.md
new file mode 100644
index 0000000000..12b60500aa
--- /dev/null
+++ b/windows/client-management/mdm/configuration-service-provider-ddf.md
@@ -0,0 +1,29 @@
+---
+title: Configuration service provider DDF files
+description: Learn more about the OMA DM device description framework (DDF) for various configuration service providers
+ms.reviewer:
+manager: aaroncz
+ms.author: vinpa
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: vinaypamnani-msft
+ms.date: 09/18/2020
+ms.collection: highpri
+---
+
+# Configuration service provider DDF files
+
+This topic shows the OMA DM device description framework (DDF) for various configuration service providers. DDF files are used only with OMA DM provisioning XML.
+
+You can download the DDF files for various CSPs from the links below:
+
+- [Download all the DDF files for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/Windows10_2004_DDF_download.zip)
+- [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip)
+- [Download all the DDF files for Windows 10, version 1809](https://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip)
+- [Download all the DDF files for Windows 10, version 1803](https://download.microsoft.com/download/6/2/7/6276FE19-E3FD-4254-9C16-3C31CAA2DE50/Windows10_1803_DDF_download.zip)
+- [Download all the DDF files for Windows 10, version 1709](https://download.microsoft.com/download/9/7/C/97C6CF99-F75C-475E-AF18-845F8CECCFA4/Windows10_1709_DDF_download.zip)
+- [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
+- [Download all the DDF files for Windows 10, version 1607](https://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
+
+You can download DDF file for Policy CSP from [Policy DDF file](policy-ddf-file.md).
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-support.md
similarity index 90%
rename from windows/client-management/mdm/configuration-service-provider-reference.md
rename to windows/client-management/mdm/configuration-service-provider-support.md
index 62eca97eea..e6000e0976 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-support.md
@@ -1,7 +1,7 @@
---
-title: Configuration service provider reference
-description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device.
-ms.reviewer:
+title: Configuration service provider support
+description: Learn more about configuration service provider (CSP) supported scenarios.
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -12,20 +12,14 @@ ms.date: 09/18/2020
ms.collection: highpri
---
-# Configuration service provider reference
+# Configuration service provider support
A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the device image as a `.provxml` file that is installed during boot.
-For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). For CSP DDF files, see [CSP DDF files download](#csp-ddf-files-download).
-
-
-Additional lists:
-- [List of CSPs supported in HoloLens devices](#hololens)
-- [List of CSPs supported in Microsoft Surface Hub](#surfacehubcspsupport)
-- [List of CSPs supported in Windows 10 IoT Core](#iotcoresupport)
+- For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal).
+- For CSP DDF files, see [CSP DDF files download](configuration-service-provider-ddf.md).
-
## CSP support
@@ -531,6 +525,18 @@ Additional lists:
+
+[Local Administrator Password Solution CSP](laps-csp.md)
+
+
+
+|Home|Pro|Business|Enterprise|Education|
+|--- |--- |--- |--- |--- |
+|Yes|Yes|Yes|Yes|Yes|
+
+
+
+
[MultiSIM CSP](multisim-csp.md)
@@ -995,18 +1001,6 @@ Additional lists:
-## CSP DDF files download
-
-You can download the DDF files for various CSPs from the links below:
-- [Download all the DDF files for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/Windows10_2004_DDF_download.zip)
-- [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip)
-- [Download all the DDF files for Windows 10, version 1809](https://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip)
-- [Download all the DDF files for Windows 10, version 1803](https://download.microsoft.com/download/6/2/7/6276FE19-E3FD-4254-9C16-3C31CAA2DE50/Windows10_1803_DDF_download.zip)
-- [Download all the DDF files for Windows 10, version 1709](https://download.microsoft.com/download/9/7/C/97C6CF99-F75C-475E-AF18-845F8CECCFA4/Windows10_1709_DDF_download.zip)
-- [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
-- [Download all the DDF files for Windows 10, version 1607](https://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
-
-
## CSPs supported in HoloLens devices
The following list shows the CSPs supported in HoloLens devices:
@@ -1044,10 +1038,10 @@ The following list shows the CSPs supported in HoloLens devices:
| [WiFi CSP](wifi-csp.md) | No | Yes | Yes |
| [WindowsLicensing CSP](windowslicensing-csp.md) | Yes | Yes | No |
-
+
## CSPs supported in Microsoft Surface Hub
-- [Accounts CSP](accounts-csp.md)
+- [Accounts CSP](accounts-csp.md)
> [!NOTE]
> Support in Surface Hub is limited to **Domain\ComputerName**.
- [AccountManagement CSP](accountmanagement-csp.md)
@@ -1063,7 +1057,7 @@ The following list shows the CSPs supported in HoloLens devices:
- [DMAcc CSP](dmacc-csp.md)
- [DMClient CSP](dmclient-csp.md)
- [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)
-- [Firewall-CSP](firewall-csp.md)
+- [Firewall-CSP](firewall-csp.md)
- [HealthAttestation CSP](healthattestation-csp.md)
- [NetworkProxy CSP](networkproxy-csp.md)
- [NetworkQoSPolicy CSP](networkqospolicy-csp.md)
@@ -1071,14 +1065,14 @@ The following list shows the CSPs supported in HoloLens devices:
- [PassportForWork CSP](passportforwork-csp.md)
- [Policy CSP](policy-configuration-service-provider.md)
- [Reboot CSP](reboot-csp.md)
-- [RemoteWipe CSP](remotewipe-csp.md)
+- [RemoteWipe CSP](remotewipe-csp.md)
- [Reporting CSP](reporting-csp.md)
- [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
- [SurfaceHub CSP](surfacehub-csp.md)
- [UEFI CSP](uefi-csp.md)
-- [Wifi-CSP](wifi-csp.md)
+- [Wifi-CSP](wifi-csp.md)
- [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
-- [Wirednetwork-CSP](wirednetwork-csp.md)
+- [Wirednetwork-CSP](wirednetwork-csp.md)
## CSPs supported in Windows 10 IoT Core
diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md
index 759f17f26a..53b1ab435d 100644
--- a/windows/client-management/mdm/customdeviceui-csp.md
+++ b/windows/client-management/mdm/customdeviceui-csp.md
@@ -1,7 +1,7 @@
---
title: CustomDeviceUI CSP
description: Learn how the CustomDeviceUI configuration service provider (CSP) allows OEMs to implement their custom foreground application.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -27,16 +27,16 @@ CustomDeviceUI
--------BackgroundTaskPackageName
```
-**./Vendor/MSFT/CustomDeviceUI**
+**./Vendor/MSFT/CustomDeviceUI**
The root node for the CustomDeviceUI configuration service provider. The supported operation is Get.
-**StartupAppID**
+**StartupAppID**
AppID string value is the default appid/AUMID to launch during startup. The supported operations are Get and Replace.
-**BackgroundTasksToLaunch**
+**BackgroundTasksToLaunch**
List of package names of background tasks that need to be launched on device startup. The supported operation is Get.
-**BackgroundTasksToLaunch/***BackgroundTaskPackageName*
+**BackgroundTasksToLaunch/***BackgroundTaskPackageName*
Package Full Name of the application that needs to be launched in the background. This application can contain no entry points, a single entry point, or multiple entry points. The supported operations are Add, Delete, Get, and Replace.
## SyncML examples
@@ -45,19 +45,19 @@ Package Full Name of the application that needs to be launched in the background
```xml
-
+ 1./Vendor/MSFT/CustomDeviceUI/StartupAppID
-
+
chr
DefaultApp_cw5n1h2txyewy!App
-
+
@@ -67,7 +67,7 @@ Package Full Name of the application that needs to be launched in the background
```xml
-
+ 1
@@ -75,7 +75,7 @@ Package Full Name of the application that needs to be launched in the background
./Vendor/MSFT/CustomDeviceUI/BackgroundTaskstoLaunch?list=Struct
-
+
@@ -85,7 +85,7 @@ Package Full Name of the application that needs to be launched in the background
```xml
-
+ 1
@@ -97,15 +97,15 @@ Package Full Name of the application that needs to be launched in the background
0
-
+
```
-
-
-
+
+
+
diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md
index f847a4ba95..e77372750e 100644
--- a/windows/client-management/mdm/customdeviceui-ddf.md
+++ b/windows/client-management/mdm/customdeviceui-ddf.md
@@ -1,7 +1,7 @@
---
title: CustomDeviceUI DDF
description: Learn about the OMA DM device description framework (DDF) for the CustomDeviceUI configuration service provider.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **CustomDeviceUI** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index ca3b7ea096..c95bb5bc44 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -1,7 +1,7 @@
---
title: Defender CSP
description: Learn how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -88,31 +88,31 @@ Defender
----UpdateSignature
----OfflineScan (Added in Windows 10 version 1803)
```
-**Detections**
+**Detections**
An interior node to group all threats detected by Windows Defender.
Supported operation is Get.
-**Detections/***ThreatId*
+**Detections/***ThreatId*
The ID of a threat that has been detected by Windows Defender.
Supported operation is Get.
-**Detections/*ThreatId*/Name**
+**Detections/*ThreatId*/Name**
The name of the specific threat.
The data type is a string.
Supported operation is Get.
-**Detections/*ThreatId*/URL**
+**Detections/*ThreatId*/URL**
URL link for more threat information.
The data type is a string.
Supported operation is Get.
-**Detections/*ThreatId*/Severity**
+**Detections/*ThreatId*/Severity**
Threat severity ID.
The data type is integer.
@@ -127,7 +127,7 @@ The following list shows the supported values:
Supported operation is Get.
-**Detections/*ThreatId*/Category**
+**Detections/*ThreatId*/Category**
Threat category ID.
The data type is integer.
@@ -190,7 +190,7 @@ The following table describes the supported values:
Supported operation is Get.
-**Detections/*ThreatId*/CurrentStatus**
+**Detections/*ThreatId*/CurrentStatus**
Information about the current status of the threat.
The data type is integer.
@@ -211,7 +211,7 @@ The following list shows the supported values:
Supported operation is Get.
-**Detections/*ThreatId*/CurrentStatus**
+**Detections/*ThreatId*/CurrentStatus**
Information about the current status of the threat.
The data type is integer.
@@ -232,7 +232,7 @@ The following list shows the supported values:
Supported operation is Get.
-**Detections/*ThreatId*/ExecutionStatus**
+**Detections/*ThreatId*/ExecutionStatus**
Information about the execution status of the threat.
The data type is integer.
@@ -247,34 +247,34 @@ The following list shows the supported values:
Supported operation is Get.
-**Detections/*ThreatId*/InitialDetectionTime**
+**Detections/*ThreatId*/InitialDetectionTime**
The first time this particular threat was detected.
The data type is a string.
Supported operation is Get.
-**Detections/*ThreatId*/LastThreatStatusChangeTime**
+**Detections/*ThreatId*/LastThreatStatusChangeTime**
The last time this particular threat was changed.
The data type is a string.
Supported operation is Get.
-**Detections/*ThreatId*/NumberOfDetections**
+**Detections/*ThreatId*/NumberOfDetections**
Number of times this threat has been detected on a particular client.
The data type is integer.
Supported operation is Get.
-**EnableNetworkProtection**
+**EnableNetworkProtection**
-The Network Protection Service is a network filter that helps to protect you against web-based malicious threats, including phishing and malware. The Network Protection service contacts the SmartScreen URL reputation service to validate the safety of connections to web resources.
+The Network Protection Service is a network filter that helps to protect you against web-based malicious threats, including phishing and malware. The Network Protection service contacts the SmartScreen URL reputation service to validate the safety of connections to web resources.
The acceptable values for this parameter are:
- 0: Disabled. The Network Protection service won't block navigation to malicious websites, or contact the SmartScreen URL reputation service. It will still send connection metadata to the antimalware engine if behavior monitoring is enabled, to enhance AV Detections.
- 1: Enabled. The Network Protection service will block connections to malicious websites based on URL Reputation from the SmartScreen URL reputation service.
-- 2: AuditMode. As above, but the Network Protection service won't block connections to malicious websites, but will instead log the access to the event log.
+- 2: AuditMode. As above, but the Network Protection service won't block connections to malicious websites, but will instead log the access to the event log.
Accepted values: Disabled, Enabled, and AuditMode
Position: Named
@@ -284,7 +284,7 @@ Accept wildcard characters: False
**EnableNetworkProtection/AllowNetworkProtectionDownLevel**
-By default, network protection isn't allowed to be enabled on Windows versions before 1709, regardless of the setting of the EnableNetworkProtection configuration. Set this configuration to "$true" to override that behavior and allow Network Protection to be set to Enabled or Audit Mode.
+By default, network protection isn't allowed to be enabled on Windows versions before 1709, regardless of the setting of the EnableNetworkProtection configuration. Set this configuration to "$true" to override that behavior and allow Network Protection to be set to Enabled or Audit Mode.
- Type: Boolean
- Position: Named
- Default value: False
@@ -401,17 +401,17 @@ Network Protection inspects TLS traffic (also known as HTTPS traffic) to see if
- Accept pipeline input: False
- Accept wildcard characters: False
-**Health**
+**Health**
An interior node to group information about Windows Defender health status.
Supported operation is Get.
-**Health/ProductStatus**
+**Health/ProductStatus**
Added in Windows 10, version 1809. Provide the current state of the product. This value is a bitmask flag value that can represent one or multiple product states from below list.
The data type is integer. Supported operation is Get.
-Supported product status values:
+Supported product status values:
- No status = 0
- Service not running = 1 << 0
- Service started without any malware protection engine = 1 << 1
@@ -457,7 +457,7 @@ Example:
```
-**Health/ComputerState**
+**Health/ComputerState**
Provide the current state of the device.
The data type is integer.
@@ -473,28 +473,28 @@ The following list shows the supported values:
Supported operation is Get.
-**Health/DefenderEnabled**
+**Health/DefenderEnabled**
Indicates whether the Windows Defender service is running.
The data type is a Boolean.
Supported operation is Get.
-**Health/RtpEnabled**
+**Health/RtpEnabled**
Indicates whether real-time protection is running.
The data type is a Boolean.
Supported operation is Get.
-**Health/NisEnabled**
+**Health/NisEnabled**
Indicates whether network protection is running.
The data type is a Boolean.
Supported operation is Get.
-**Health/QuickScanOverdue**
+**Health/QuickScanOverdue**
Indicates whether a Windows Defender quick scan is overdue for the device.
A Quick scan is overdue when a scheduled Quick scan didn't complete successfully for 2 weeks and [catchup Quick scans](./policy-csp-defender.md#defender-disablecatchupquickscan) are disabled (default).
@@ -503,7 +503,7 @@ The data type is a Boolean.
Supported operation is Get.
-**Health/FullScanOverdue**
+**Health/FullScanOverdue**
Indicates whether a Windows Defender full scan is overdue for the device.
A Full scan is overdue when a scheduled Full scan didn't complete successfully for 2 weeks and [catchup Full scans](./policy-csp-defender.md#defender-disablecatchupfullscan) are disabled (default).
@@ -512,96 +512,96 @@ The data type is a Boolean.
Supported operation is Get.
-**Health/SignatureOutOfDate**
+**Health/SignatureOutOfDate**
Indicates whether the Windows Defender signature is outdated.
The data type is a Boolean.
Supported operation is Get.
-**Health/RebootRequired**
+**Health/RebootRequired**
Indicates whether a device reboot is needed.
The data type is a Boolean.
Supported operation is Get.
-**Health/FullScanRequired**
+**Health/FullScanRequired**
Indicates whether a Windows Defender full scan is required.
The data type is a Boolean.
Supported operation is Get.
-**Health/EngineVersion**
+**Health/EngineVersion**
Version number of the current Windows Defender engine on the device.
The data type is a string.
Supported operation is Get.
-**Health/SignatureVersion**
+**Health/SignatureVersion**
Version number of the current Windows Defender signatures on the device.
The data type is a string.
Supported operation is Get.
-**Health/DefenderVersion**
+**Health/DefenderVersion**
Version number of Windows Defender on the device.
The data type is a string.
Supported operation is Get.
-**Health/QuickScanTime**
+**Health/QuickScanTime**
Time of the last Windows Defender quick scan of the device.
The data type is a string.
Supported operation is Get.
-**Health/FullScanTime**
+**Health/FullScanTime**
Time of the last Windows Defender full scan of the device.
The data type is a string.
Supported operation is Get.
-**Health/QuickScanSigVersion**
+**Health/QuickScanSigVersion**
Signature version used for the last quick scan of the device.
The data type is a string.
Supported operation is Get.
-**Health/FullScanSigVersion**
+**Health/FullScanSigVersion**
Signature version used for the last full scan of the device.
The data type is a string.
Supported operation is Get.
-**Health/TamperProtectionEnabled**
+**Health/TamperProtectionEnabled**
Indicates whether the Windows Defender tamper protection feature is enabled.
The data type is a Boolean.
Supported operation is Get.
-**Health/IsVirtualMachine**
+**Health/IsVirtualMachine**
Indicates whether the device is a virtual machine.
The data type is a string.
Supported operation is Get.
-**Configuration**
+**Configuration**
An interior node to group Windows Defender configuration information.
Supported operation is Get.
-**Configuration/TamperProtection**
+**Configuration/TamperProtection**
Tamper protection helps protect important security features from unwanted changes and interference. This protection includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions.
@@ -612,7 +612,7 @@ The data type is a Signed BLOB.
Supported operations are Add, Delete, Get, Replace.
-Intune tamper protection setting UX supports three states:
+Intune tamper protection setting UX supports three states:
- Not configured (default): Doesn't have any impact on the default state of the device.
- Enabled: Enables the tamper protection feature.
- Disabled: Turns off the tamper protection feature.
@@ -635,7 +635,7 @@ The data type is integer.
Supported operations are Add, Delete, Get, Replace.
-Valid values are:
+Valid values are:
- 1 – Enable.
- 0 (default) – Disable.
@@ -656,20 +656,20 @@ The data type is integer.
Supported operations are Add, Delete, Get, and Replace.
-Valid values are:
+Valid values are:
- 1 – Enable.
- 0 (default) – Disable.
-**Configuration/DisableCpuThrottleOnIdleScans**
+**Configuration/DisableCpuThrottleOnIdleScans**
-Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and won't throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans, this flag will have no impact and normal throttling will occur.
+Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and won't throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans, this flag will have no impact and normal throttling will occur.
-The data type is integer.
+The data type is integer.
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
-Valid values are:
-- 1 (default) – Enable.
+Valid values are:
+- 1 (default) – Enable.
- 0 – Disable.
**Configuration/MeteredConnectionUpdates**
@@ -701,7 +701,7 @@ The data type is string.
Supported operations are Add, Delete, Get, and Replace.
-**Configuration/EnableFileHashComputation**
+**Configuration/EnableFileHashComputation**
Enables or disables file hash computation feature.
When this feature is enabled, Windows Defender will compute hashes for files it scans.
@@ -709,29 +709,29 @@ The data type is integer.
Supported operations are Add, Delete, Get, and Replace.
-Valid values are:
+Valid values are:
- 1 – Enable.
- 0 (default) – Disable.
-**Configuration/SupportLogLocation**
-The support log location setting allows the administrator to specify where the Microsoft Defender Antivirus diagnostic data collection tool (**MpCmdRun.exe**) will save the resulting log files. This setting is configured with an MDM solution, such as Intune, and is available for Windows 10 Enterprise.
+**Configuration/SupportLogLocation**
+The support log location setting allows the administrator to specify where the Microsoft Defender Antivirus diagnostic data collection tool (**MpCmdRun.exe**) will save the resulting log files. This setting is configured with an MDM solution, such as Intune, and is available for Windows 10 Enterprise.
Data type is string.
Supported operations are Add, Delete, Get, and Replace.
-Intune Support log location setting UX supports three states:
+Intune Support log location setting UX supports three states:
-- Not configured (default) - Doesn't have any impact on the default state of the device.
+- Not configured (default) - Doesn't have any impact on the default state of the device.
- 1 - Enabled. Enables the Support log location feature. Requires admin to set custom file path.
-- 0 - Disabled. Turns off the Support log location feature.
+- 0 - Disabled. Turns off the Support log location feature.
-When enabled or disabled exists on the client and admin moves the setting to not configured, it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
+When enabled or disabled exists on the client and admin moves the setting to not configured, it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
-More details:
+More details:
-- [Microsoft Defender Antivirus diagnostic data](/microsoft-365/security/defender-endpoint/collect-diagnostic-data)
-- [Collect investigation package from devices](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices)
+- [Microsoft Defender Antivirus diagnostic data](/microsoft-365/security/defender-endpoint/collect-diagnostic-data)
+- [Collect investigation package from devices](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices)
**Configuration/PlatformUpdatesChannel**
Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout.
@@ -744,7 +744,7 @@ Current Channel (Staged): Devices will be offered updates after the monthly grad
Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
-Critical: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only
+Critical: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only
If you disable or don't configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
@@ -761,10 +761,10 @@ Valid values are:
- 6: Critical- Time Delay
-More details:
+More details:
-- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
-- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
+- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
+- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
**Configuration/EngineUpdatesChannel**
Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout.
@@ -793,12 +793,12 @@ Valid values are:
- 5: Current Channel (Broad)
- 6: Critical- Time Delay
-More details:
+More details:
-- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
-- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
+- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
+- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
-**Configuration/SecurityIntelligenceUpdatesChannel**
+**Configuration/SecurityIntelligenceUpdatesChannel**
Enable this policy to specify when devices receive daily Microsoft Defender security intelligence (definition) updates during the daily gradual rollout.
Current Channel (Staged): Devices will be offered updates after the release cycle. Suggested to apply to a small, representative part of production population (~10%).
@@ -815,10 +815,10 @@ Valid Values are:
- 4: Current Channel (Staged)
- 5: Current Channel (Broad)
-More details:
+More details:
-- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
-- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
+- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
+- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
**Configuration/DisableGradualRelease**
Enable this policy to disable gradual rollout of monthly and daily Microsoft Defender updates.
@@ -837,10 +837,10 @@ Valid values are:
- 1 – Enabled.
- 0 (default) – Not Configured.
-More details:
+More details:
-- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
-- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
+- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
+- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
**Configuration/PassiveRemediation**
This policy setting enables or disables EDR in block mode (recommended for devices running Microsoft Defender Antivirus in passive mode). For more information, see Endpoint detection and response in block mode | Microsoft Docs. Available with platform release: 4.18.2202.X
@@ -852,7 +852,7 @@ Supported values:
- 0: Turn EDR in block mode off
-**Scan**
+**Scan**
Node that can be used to start a Windows Defender scan on a device.
Valid values are:
@@ -861,16 +861,16 @@ Valid values are:
Supported operations are Get and Execute.
-**UpdateSignature**
+**UpdateSignature**
Node that can be used to perform signature updates for Windows Defender.
Supported operations are Get and Execute.
-**OfflineScan**
+**OfflineScan**
Added in Windows 10, version 1803. OfflineScan action starts a Microsoft Defender Offline scan on the computer where you run the command. After the next OS reboot, the device will start in Microsoft Defender Offline mode to begin the scan.
Supported operations are Get and Execute.
## See also
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index 1a99f5c85b..b7851e330b 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -1,7 +1,7 @@
---
title: Defender DDF file
description: Learn how the OMA DM device description framework (DDF) for the Defender configuration service provider is used.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -16,7 +16,7 @@ ms.date: 07/23/2021
This article shows the OMA DM device description framework (DDF) for the Defender configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index a1b368c716..cf12739b69 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -1,7 +1,7 @@
---
title: DevDetail CSP
description: Learn how the DevDetail configuration service provider handles the management object. This CSP provides device-specific parameters to the OMA DM server.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -68,55 +68,55 @@ DevDetail
--------WlanSubnetMask
--------DeviceHardwareData (Added in Windows 10, version 1703)
```
-**DevTyp**
+**DevTyp**
Required. Returns the device model name /SystemProductName as a string.
Supported operation is Get.
-**OEM**
+**OEM**
Required. Returns the name of the Original Equipment Manufacturer (OEM) as a string, as defined in the specification SyncML Device Information, version 1.1.2.
Supported operation is Get.
-**FwV**
+**FwV**
Required. Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneFirmwareRevision.
For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
Supported operation is Get.
-**SwV**
+**SwV**
Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the client device. In the future, the build numbers may converge.
Supported operation is Get.
-**HwV**
+**HwV**
Required. Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneRadioHardwareRevision.
For Windows 10 for desktop editions, it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
Supported operation is Get.
-**LrgObj**
+**LrgObj**
Required. Returns whether the device uses OMA DM Large Object Handling, as defined in the specification SyncML Device Information, version 1.1.2.
Supported operation is Get.
-**URI/MaxDepth**
+**URI/MaxDepth**
Required. Returns the maximum depth of the management tree that the device supports. The default is zero (0).
Supported operation is Get.
This value is the maximum number of URI segments that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited depth.
-**URI/MaxTotLen**
+**URI/MaxTotLen**
Required. Returns the maximum total length of any URI used to address a node or node property. The default is zero (0).
Supported operation is Get.
This value is the largest number of characters in the URI that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited length.
-**URI/MaxSegLen**
+**URI/MaxSegLen**
Required. Returns the total length of any URI segment in a URI that addresses a node or node property. The default is zero (0).
Supported operation is Get.
@@ -125,7 +125,7 @@ This value is the largest number of characters that the device can support in a
-**Ext/Microsoft/RadioSwV**
+**Ext/Microsoft/RadioSwV**
Required. Returns the radio stack software version number.
Supported operation is Get.
-**Ext/Microsoft/Resolution**
+**Ext/Microsoft/Resolution**
Required. Returns the UI screen resolution of the device (example: "480x800").
Supported operation is Get.
-**Ext/Microsoft/CommercializationOperator**
+**Ext/Microsoft/CommercializationOperator**
Required. Returns the name of the mobile operator if it exists. Otherwise, it returns 404.
Supported operation is Get.
-**Ext/Microsoft/ProcessorArchitecture**
+**Ext/Microsoft/ProcessorArchitecture**
Required. Returns the processor architecture of the device as "arm" or "x86".
Supported operation is Get.
-**Ext/Microsoft/ProcessorType**
+**Ext/Microsoft/ProcessorType**
Required. Returns the processor type of the device as documented in SYSTEM_INFO.
Supported operation is Get.
-**Ext/Microsoft/OSPlatform**
+**Ext/Microsoft/OSPlatform**
Required. Returns the OS platform of the device. For Windows 10 for desktop editions, it returns the ProductName as defined in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName.
Supported operation is Get.
-**Ext/Microsoft/LocalTime**
+**Ext/Microsoft/LocalTime**
Required. Returns the client local time in ISO 8601 format.
Supported operation is Get.
-**Ext/Microsoft/DeviceName**
+**Ext/Microsoft/DeviceName**
Required. Contains the user-specified device name.
Replace operation isn't supported in Windows client or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name doesn't take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs.
@@ -178,10 +178,10 @@ Value type is string.
Supported operations are Get and Replace.
-**Ext/Microsoft/DNSComputerName**
+**Ext/Microsoft/DNSComputerName**
Added in Windows 10, version 2004. This node specifies the DNS computer name for a device. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 63 characters. This node replaces the **Domain/ComputerName** node in [Accounts CSP](accounts-csp.md).
-The following are the available naming macros:
+The following are the available naming macros:
| Macro | Description | Example | Generated Name |
| -------| -------| -------| -------|
@@ -190,22 +190,22 @@ The following are the available naming macros:
Value type is string. Supported operations are Get and Replace.
-> [!NOTE]
+> [!NOTE]
> We recommend using `%SERIAL%` or `%RAND:x%` with a high character limit to reduce the chance of name collision when generating a random name. This feature doesn't check if a particular name is already present in the environment.
On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the computer's serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit doesn't count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
-**Ext/Microsoft/TotalRAM**
+**Ext/Microsoft/TotalRAM**
Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory).
Supported operation is Get.
-**Ext/Microsoft/SMBIOSSerialNumber**
+**Ext/Microsoft/SMBIOSSerialNumber**
Added in Windows 10, version 1809. SMBIOS Serial Number of the device.
Value type is string. Supported operation is Get.
-**Ext/WLANMACAddress**
+**Ext/WLANMACAddress**
The MAC address of the active WLAN connection, as a 12-digit hexadecimal number.
Supported operation is Get.
@@ -213,32 +213,32 @@ Supported operation is Get.
> [!NOTE]
> This isn't supported in Windows 10 for desktop editions.
-**Ext/VoLTEServiceSetting**
+**Ext/VoLTEServiceSetting**
Returns the VoLTE service to on or off. This setting is only exposed to mobile operator OMA-DM servers.
Supported operation is Get.
-**Ext/WlanIPv4Address**
+**Ext/WlanIPv4Address**
Returns the IPv4 address of the active Wi-Fi connection. This address is only exposed to enterprise OMA DM servers.
Supported operation is Get.
-**Ext/WlanIPv6Address**
+**Ext/WlanIPv6Address**
Returns the IPv6 address of the active Wi-Fi connection. This address is only exposed to enterprise OMA-DM servers.
Supported operation is Get.
-**Ext/WlanDnsSuffix**
+**Ext/WlanDnsSuffix**
Returns the DNS suffix of the active Wi-Fi connection. This suffix is only exposed to enterprise OMA-DM servers.
Supported operation is Get.
-**Ext/WlanSubnetMask**
+**Ext/WlanSubnetMask**
Returns the subnet mask for the active Wi-Fi connection. This subnet mask is only exposed to enterprise OMA-DM servers.
Supported operation is Get.
-**Ext/DeviceHardwareData**
+**Ext/DeviceHardwareData**
Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.
> [!NOTE]
@@ -248,4 +248,4 @@ Supported operation is Get.
## Related articles
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index 957eb5558f..d19d909f71 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DevDetail DDF file
description: Learn about the OMA DM device description framework (DDF) for the DevDetail configuration service provider.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -15,7 +15,7 @@ ms.date: 06/03/2020
This topic shows the OMA DM device description framework (DDF) for the **DevDetail** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md
index 592432a187..033ace2ec0 100644
--- a/windows/client-management/mdm/developersetup-csp.md
+++ b/windows/client-management/mdm/developersetup-csp.md
@@ -1,7 +1,7 @@
---
title: DeveloperSetup CSP
description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the Windows 10, version 1703.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -33,49 +33,49 @@ DeveloperSetup
------------HttpPort
------------HttpsPort
```
-**DeveloperSetup**
+**DeveloperSetup**
The root node for the DeveloperSetup configuration service provider.
-**EnableDeveloperMode**
+**EnableDeveloperMode**
A Boolean value that is used to enable Developer Mode on the device. The default value is false.
The only supported operation is Replace.
-**DevicePortal**
-
The node for the Windows Device Portal.
+**DevicePortal**
+
The node for the Windows Device Portal.
-**DevicePortal/Authentication**
-
The node that describes the characteristics of the authentication mechanism that is used for the Windows Device Portal.
+**DevicePortal/Authentication**
+
The node that describes the characteristics of the authentication mechanism that is used for the Windows Device Portal.
-**DevicePortal/Authentication/Mode**
-
An integer value that specifies the mode of authentication that is used when making requests to the Windows Device Portal.
+**DevicePortal/Authentication/Mode**
+
An integer value that specifies the mode of authentication that is used when making requests to the Windows Device Portal.
The only supported operation is Replace.
-**DevicePortal/Authentication/BasicAuth**
-
The node that describes the credentials that are used for basic authentication with the Windows Device Portal.
+**DevicePortal/Authentication/BasicAuth**
+
The node that describes the credentials that are used for basic authentication with the Windows Device Portal.
-**DevicePortal/Authentication/BasicAuth/Username**
-
A string value that specifies the user name to use when performing basic authentication with the Windows Device Portal.
+**DevicePortal/Authentication/BasicAuth/Username**
+
A string value that specifies the user name to use when performing basic authentication with the Windows Device Portal.
The user name must contain only ASCII characters and cannot contain a colon (:).
The only supported operation is Replace.
-**DevicePortal/Authentication/BasicAuth/Password**
-
A string value that specifies the password to use when authenticating requests against the Windows Device Portal.
+**DevicePortal/Authentication/BasicAuth/Password**
+
A string value that specifies the password to use when authenticating requests against the Windows Device Portal.
The only supported operation is Replace.
-**DevicePortal/Connection**
-
The node for configuring connections to the Windows Device Portal service.
+**DevicePortal/Connection**
+
The node for configuring connections to the Windows Device Portal service.
-**DevicePortal/Connection/HttpPort**
-
An integer value that is used to configure the HTTP port for incoming connections to the Windows Device Portal service.
-If authentication is enabled, HttpPort will redirect the user to the (required) HttpsPort.
+**DevicePortal/Connection/HttpPort**
+
An integer value that is used to configure the HTTP port for incoming connections to the Windows Device Portal service.
+If authentication is enabled, HttpPort will redirect the user to the (required) HttpsPort.
The only supported operation is Replace.
-**DevicePortal/Connection/HttpsPort**
-
An integer value that is used to configure the HTTPS port for incoming connections to the Windows Device Portal service.
+**DevicePortal/Connection/HttpsPort**
+
An integer value that is used to configure the HTTPS port for incoming connections to the Windows Device Portal service.
The only supported operation is Replace.
\ No newline at end of file
diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md
index ae96fa64df..1b7d9de267 100644
--- a/windows/client-management/mdm/developersetup-ddf.md
+++ b/windows/client-management/mdm/developersetup-ddf.md
@@ -1,7 +1,7 @@
---
title: DeveloperSetup DDF file
description: This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md
index 29938e34dc..054ebc1774 100644
--- a/windows/client-management/mdm/devicelock-csp.md
+++ b/windows/client-management/mdm/devicelock-csp.md
@@ -1,7 +1,7 @@
---
title: DeviceLock CSP
description: Learn how the DeviceLock configuration service provider (CSP) is used by the enterprise management server to configure device lock related policies.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -61,10 +61,10 @@ DeviceLock
-------------MinDevicePasswordComplexCharacters
```
-**Provider**
+**Provider**
Required. An interior node to group all policy providers. Scope is permanent. Supported operation is Get.
- ***ProviderID***
+ ***ProviderID***
Optional. The node that contains the configured management server's ProviderID. Exchange ActiveSync policies set by Exchange are saved by the Sync client separately. Scope is dynamic. The following operations are supported:
- **Add** - Add the management account to the configuration service provider tree.
@@ -76,7 +76,7 @@ Optional. The node that contains the configured management server's ProviderID.
-***ProviderID*/DevicePasswordEnabled**
+***ProviderID*/DevicePasswordEnabled**
Optional. An integer value that specifies whether device lock is enabled. Possible values include:
- 0 - Device lock is enabled.
@@ -86,7 +86,7 @@ The scope is dynamic.
Supported operations are Get, Add, and Replace.
-***ProviderID*/AllowSimpleDevicePassword**
+***ProviderID*/AllowSimpleDevicePassword**
Optional. An integer value that specifies whether simple passwords, such as "1111" or "1234", are allowed. Possible values include:
- 0 - Not allowed.
@@ -96,12 +96,12 @@ Invalid values are treated as a configuration failure. The scope is dynamic.
Supported operations are Get, Add, and Replace.
-***ProviderID*/MinDevicePasswordLength**
+***ProviderID*/MinDevicePasswordLength**
Optional. An integer value that specifies the minimum number of characters required in the PIN. Valid values are 4 to 18 inclusive. The default value is 4. Invalid values are treated as a configuration failure. The scope is dynamic.
Supported operations are Get, Add, and Replace.
-***ProviderID*/AlphanumericDevicePasswordRequired**
+***ProviderID*/AlphanumericDevicePasswordRequired**
Optional. An integer value that specifies the complexity of the password or PIN allowed.
Possible values include:
@@ -114,39 +114,39 @@ Invalid values are treated as a configuration failure. The scope is dynamic.
Supported operations are Get, Add, and Replace.
-***ProviderID*/DevicePasswordExpiration**
+***ProviderID*/DevicePasswordExpiration**
Deprecated in Windows 10.
-***ProviderID*/DevicePasswordHistory**
+***ProviderID*/DevicePasswordHistory**
Deprecated in Windows 10.
-***ProviderID*/MaxDevicePasswordFailedAttempts**
+***ProviderID*/MaxDevicePasswordFailedAttempts**
Optional. An integer value that specifies the number of authentication failures allowed before the device will be wiped. Valid values are 0 to 999. The default value is 0, which indicates the device won't be wiped, whatever the number of authentication failures.
Invalid values are treated as a configuration failure. The scope is dynamic.
Supported operations are Get, Add, and Replace.
-***ProviderID*/MaxInactivityTimeDeviceLock**
+***ProviderID*/MaxInactivityTimeDeviceLock**
Optional. An integer value that specifies the amount of time (in minutes) that the device can remain idle before it's password locked. Valid values are 0 to 999. A value of 0 indicates no time-out is specified. In this case, the maximum screen time-out allowed by the UI applies.
Invalid values are treated as a configuration failure. The scope is dynamic.
Supported operations are Get, Add, and Replace.
-***ProviderID*/MinDevicePasswordComplexCharacters**
+***ProviderID*/MinDevicePasswordComplexCharacters**
Optional. An integer value that specifies the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong password. Valid values are 1 to 3 for Windows client. The default value is 1.
Invalid values are treated as a configuration failure. The scope is dynamic.
Supported operations are Get, Add, and Replace.
-**DeviceValue**
+**DeviceValue**
Required. A permanent node that groups the policy values applied to the device. The server can query this node to discover what policy values are applied to the device. The scope is permanent.
Supported operation is Get.
-**DeviceValue/DevicePasswordEnable, …, MinDevicePasswordComplexCharacters**
+**DeviceValue/DevicePasswordEnable, …, MinDevicePasswordComplexCharacters**
Required. This node has the same set of policy nodes as the **ProviderID** node. All nodes under **DeviceValue** are read-only permanent nodes. Each node represents the current device lock policy. For detailed descriptions of each policy, see the ***ProviderID*** subnode descriptions.
## OMA DM examples
@@ -312,4 +312,4 @@ The value applied to the device can be queried via the nodes under the **DeviceV
[Policy CSP](policy-configuration-service-provider.md)
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md
index 974d878b01..e206a5b29e 100644
--- a/windows/client-management/mdm/devicelock-ddf-file.md
+++ b/windows/client-management/mdm/devicelock-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DeviceLock DDF file
description: Learn about the OMA DM device description framework (DDF) for the DeviceLock configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index b650e3c405..70340fe1a6 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -1,7 +1,7 @@
---
title: DeviceManageability CSP
description: Learn how the DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -26,7 +26,7 @@ The table below shows the applicability of Windows:
The DeviceManageability configuration service provider (CSP) is used to retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
-For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that both the paths return the same information.
+For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that both the paths return the same information.
The following example shows the DeviceManageability configuration service provider in a tree format.
```
@@ -40,40 +40,40 @@ DeviceManageability
------------EnrollmentInfo (Added in Windows 10, version 1709)
```
-**./Device/Vendor/MSFT/DeviceManageability**
+**./Device/Vendor/MSFT/DeviceManageability**
Root node to group information about runtime MDM configuration capability on the target device.
-**Capabilities**
+**Capabilities**
Interior node.
-**Capabilities/CSPVersions**
+**Capabilities/CSPVersions**
Returns the versions of all configuration service providers supported on the device for the MDM service.
-**Provider**
+**Provider**
Added in Windows 10, version 1709. Interior node.
-**Provider/_ProviderID_**
+**Provider/_ProviderID_**
Added in Windows 10, version 1709. Provider ID of the configuration source. ProviderID should be unique among the different config sources.
-**Provider/_ProviderID_/ConfigInfo**
+**Provider/_ProviderID_/ConfigInfo**
Added in Windows 10, version 1709. Configuration information string value set by the configuration source. Recommended to use during sync session.
ConfigInfo value can only be set by the provider that owns the ProviderID. The value is readable by other config sources.
-Data type is string.
+Data type is string.
Supported operations are Add, Get, Delete, and Replace.
-**Provider/_ProviderID_/EnrollmentInfo**
+**Provider/_ProviderID_/EnrollmentInfo**
Added in Windows 10, version 1709. Enrollment information string value set by the configuration source and sent during MDM enrollment. It's readable by MDM server during sync session.
-Data type is string.
+Data type is string.
Supported operations are Add, Get, Delete, and Replace.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md
index 23dd9b8cf6..5200da534c 100644
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@@ -1,7 +1,7 @@
---
title: DeviceManageability DDF
description: This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -16,7 +16,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is for Windows 10, version 1709.
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index c900b41939..4d74896075 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -1,7 +1,7 @@
---
title: DeviceStatus CSP
description: Learn how the DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -71,12 +71,14 @@ DeviceStatus
--------VirtualizationBasedSecurityHwReq
--------VirtualizationBasedSecurityStatus
--------LsaCfgCredGuardStatus
+----CertAttestation
+--------MDMClientCertAttestation
```
-**DeviceStatus**
+**DeviceStatus**
The root node for the DeviceStatus configuration service provider.
-**DeviceStatus/SecureBootState**
+**DeviceStatus/SecureBootState**
Indicates whether secure boot is enabled. The value is one of the following values:
- 0 - Not supported
@@ -85,67 +87,67 @@ Indicates whether secure boot is enabled. The value is one of the following valu
Supported operation is Get.
-**DeviceStatus/CellularIdentities**
+**DeviceStatus/CellularIdentities**
Required. Node for queries on the SIM cards.
>[!NOTE]
>Multiple SIMs are supported.
-**DeviceStatus/CellularIdentities/***IMEI*
+**DeviceStatus/CellularIdentities/***IMEI*
The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device.
-**DeviceStatus/CellularIdentities/*IMEI*/IMSI**
+**DeviceStatus/CellularIdentities/*IMEI*/IMSI**
The International Mobile Subscriber Identity (IMSI) associated with the IMEI number.
Supported operation is Get.
-**DeviceStatus/CellularIdentities/*IMEI*/ICCID**
+**DeviceStatus/CellularIdentities/*IMEI*/ICCID**
The Integrated Circuit Card ID (ICCID) of the SIM card associated with the specific IMEI number.
Supported operation is Get.
-**DeviceStatus/CellularIdentities/*IMEI*/PhoneNumber**
+**DeviceStatus/CellularIdentities/*IMEI*/PhoneNumber**
Phone number associated with the specific IMEI number.
Supported operation is Get.
-**DeviceStatus/CellularIdentities/*IMEI*/CommercializationOperator**
+**DeviceStatus/CellularIdentities/*IMEI*/CommercializationOperator**
The mobile service provider or mobile operator associated with the specific IMEI number.
Supported operation is Get.
-**DeviceStatus/CellularIdentities/*IMEI*/RoamingStatus**
+**DeviceStatus/CellularIdentities/*IMEI*/RoamingStatus**
Indicates whether the SIM card associated with the specific IMEI number is roaming.
Supported operation is Get.
-**DeviceStatus/CellularIdentities/*IMEI*/RoamingCompliance**
+**DeviceStatus/CellularIdentities/*IMEI*/RoamingCompliance**
Boolean value that indicates compliance with the enforced enterprise roaming policy.
Supported operation is Get.
-**DeviceStatus/NetworkIdentifiers**
+**DeviceStatus/NetworkIdentifiers**
Node for queries on network and device properties.
-**DeviceStatus/NetworkIdentifiers/***MacAddress*
+**DeviceStatus/NetworkIdentifiers/***MacAddress*
MAC address of the wireless network card. A MAC address is present for each network card on the device.
-**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV4**
+**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV4**
IPv4 address of the network card associated with the MAC address.
Supported operation is Get.
-**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV6**
+**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV6**
IPv6 address of the network card associated with the MAC address.
Supported operation is Get.
-**DeviceStatus/NetworkIdentifiers/*MacAddress*/IsConnected**
+**DeviceStatus/NetworkIdentifiers/*MacAddress*/IsConnected**
Boolean value that indicates whether the network card associated with the MAC address has an active network connection.
Supported operation is Get.
-**DeviceStatus/NetworkIdentifiers/*MacAddress*/Type**
+**DeviceStatus/NetworkIdentifiers/*MacAddress*/Type**
Type of network connection. The value is one of the following values:
- 2 - WLAN (or other Wireless interface)
@@ -154,10 +156,10 @@ Type of network connection. The value is one of the following values:
Supported operation is Get.
-**DeviceStatus/Compliance**
+**DeviceStatus/Compliance**
Node for the compliance query.
-**DeviceStatus/Compliance/EncryptionCompliance**
+**DeviceStatus/Compliance/EncryptionCompliance**
Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following values:
- 0 - Not encrypted
@@ -165,42 +167,42 @@ Boolean value that indicates compliance with the enterprise encryption policy fo
Supported operation is Get.
-**DeviceStatus/TPM**
+**DeviceStatus/TPM**
Added in Windows, version 1607. Node for the TPM query.
Supported operation is Get.
-**DeviceStatus/TPM/SpecificationVersion**
+**DeviceStatus/TPM/SpecificationVersion**
Added in Windows, version 1607. String that specifies the specification version.
Supported operation is Get.
-**DeviceStatus/OS**
+**DeviceStatus/OS**
Added in Windows, version 1607. Node for the OS query.
Supported operation is Get.
-**DeviceStatus/OS/Edition**
+**DeviceStatus/OS/Edition**
Added in Windows, version 1607. String that specifies the OS edition.
Supported operation is Get.
-**DeviceStatus/OS/Mode**
+**DeviceStatus/OS/Mode**
Added in Windows, version 1803. Read only node that specifies the device mode.
-Valid values:
+Valid values:
- 0 - The device is in standard configuration.
- 1 - The device is in S mode configuration.
Supported operation is Get.
-**DeviceStatus/Antivirus**
+**DeviceStatus/Antivirus**
Added in Windows, version 1607. Node for the antivirus query.
Supported operation is Get.
-**DeviceStatus/Antivirus/SignatureStatus**
+**DeviceStatus/Antivirus/SignatureStatus**
Added in Windows, version 1607. Integer that specifies the status of the antivirus signature.
Valid values:
@@ -218,7 +220,7 @@ If more than one antivirus provider is active, this node returns:
This node also returns 0 when no antivirus provider is active.
-**DeviceStatus/Antivirus/Status**
+**DeviceStatus/Antivirus/Status**
Added in Windows, version 1607. Integer that specifies the status of the antivirus.
Valid values:
@@ -231,12 +233,12 @@ Valid values:
Supported operation is Get.
-**DeviceStatus/Antispyware**
+**DeviceStatus/Antispyware**
Added in Windows, version 1607. Node for the anti-spyware query.
Supported operation is Get.
-**DeviceStatus/Antispyware/SignatureStatus**
+**DeviceStatus/Antispyware/SignatureStatus**
Added in Windows, version 1607. Integer that specifies the status of the anti-spyware signature.
Valid values:
@@ -254,7 +256,7 @@ If more than one anti-spyware provider is active, this node returns:
This node also returns 0 when no anti-spyware provider is active.
-**DeviceStatus/Antispyware/Status**
+**DeviceStatus/Antispyware/Status**
Added in Windows, version 1607. Integer that specifies the status of the anti-spyware.
Valid values:
@@ -266,12 +268,12 @@ Valid values:
Supported operation is Get.
-**DeviceStatus/Firewall**
+**DeviceStatus/Firewall**
Added in Windows, version 1607. Node for the firewall query.
Supported operation is Get.
-**DeviceStatus/Firewall/Status**
+**DeviceStatus/Firewall/Status**
Added in Windows, version 1607. Integer that specifies the status of the firewall.
Valid values:
@@ -284,75 +286,75 @@ Valid values:
Supported operation is Get.
-**DeviceStatus/UAC**
+**DeviceStatus/UAC**
Added in Windows, version 1607. Node for the UAC query.
Supported operation is Get.
-**DeviceStatus/UAC/Status**
+**DeviceStatus/UAC/Status**
Added in Windows, version 1607. Integer that specifies the status of the UAC.
Supported operation is Get.
-**DeviceStatus/Battery**
+**DeviceStatus/Battery**
Added in Windows, version 1607. Node for the battery query.
Supported operation is Get.
-**DeviceStatus/Battery/Status**
+**DeviceStatus/Battery/Status**
Added in Windows, version 1607. Integer that specifies the status of the battery
Supported operation is Get.
-**DeviceStatus/Battery/EstimatedChargeRemaining**
+**DeviceStatus/Battery/EstimatedChargeRemaining**
Added in Windows, version 1607. Integer that specifies the estimated battery charge remaining. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
Supported operation is Get.
-**DeviceStatus/Battery/EstimatedRuntime**
+**DeviceStatus/Battery/EstimatedRuntime**
Added in Windows, version 1607. Integer that specifies the estimated runtime of the battery. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
Supported operation is Get.
-**DeviceStatus/DomainName**
+**DeviceStatus/DomainName**
Added in Windows, version 1709. Returns the fully qualified domain name of the device (if any). If the device isn't domain-joined, it returns an empty string.
Supported operation is Get.
-**DeviceStatus/DeviceGuard**
+**DeviceStatus/DeviceGuard**
Added in Windows, version 1709. Node for Device Guard query.
Supported operation is Get.
-**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq**
+**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq**
Added in Windows, version 1709. Virtualization-based security hardware requirement status. The value is a 256 value bitmask.
- 0x0: System meets hardware configuration requirements
-- 0x1: SecureBoot required
+- 0x1: SecureBoot required
- 0x2: DMA Protection required
- 0x4: HyperV not supported for Guest VM
- 0x8: HyperV feature isn't available
Supported operation is Get.
-**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus**
+**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus**
Added in Windows, version 1709. Virtualization-based security status. Value is one of the following:
- 0 - Running
-- 1 - Reboot required
-- 2 - 64-bit architecture required
-- 3 - Not licensed
-- 4 - Not configured
-- 5 - System doesn't meet hardware requirements
+- 1 - Reboot required
+- 2 - 64-bit architecture required
+- 3 - Not licensed
+- 4 - Not configured
+- 5 - System doesn't meet hardware requirements
- 42 – Other. Event logs in Microsoft-Windows-DeviceGuard have more details.
Supported operation is Get.
-**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus**
+**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus**
Added in Windows, version 1709. Local System Authority (LSA) credential guard status.
- 0 - Running
@@ -363,6 +365,11 @@ Added in Windows, version 1709. Local System Authority (LSA) credential guard s
Supported operation is Get.
+**DeviceStatus/CertAttestation/MDMClientCertAttestation**
+Added in Windows 11, version 22H2. MDM Certificate attestation information. This will return an XML blob containing the relevant attestation fields.
+
+Supported operation is Get.
+
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index 9019f6a5b9..a13d8ad0e9 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -1,7 +1,7 @@
---
title: DeviceStatus DDF
description: This topic shows the OMA DM device description framework (DDF) for the DeviceStatus configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -15,7 +15,7 @@ ms.date: 03/12/2018
This topic shows the OMA DM device description framework (DDF) for the **DeviceStatus** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is for Windows 10, version 1803.
@@ -25,862 +25,904 @@ The XML below is for Windows 10, version 1803.
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[]>
- 1.2
-
+ 1.2
+ DeviceStatus./Vendor/MSFT
-
-
-
-
-
-
-
-
-
-
-
-
-
- com.microsoft/1.4/MDM/DeviceStatus
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+ com.microsoft/1.4/MDM/DeviceStatus
+
- SecureBootState
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- CellularIdentities
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+ SecureBootState
-
-
-
-
-
-
-
-
-
-
-
-
- IMEI
-
-
-
-
-
- IMSI
-
-
+
-
+
-
+
-
+
- text/plain
+ text/plain
-
-
-
- ICCID
-
+
+
+
+ CellularIdentities
+
-
+
-
+
-
+
-
+
- text/plain
+
-
-
-
- PhoneNumber
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- CommercializationOperator
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- RoamingStatus
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- RoamingCompliance
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
-
-
- NetworkIdentifiers
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- MacAddress
-
-
-
- IPAddressV4
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IMEI
+
+
+
+
+
+ IMSI
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ICCID
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PhoneNumber
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ CommercializationOperator
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RoamingStatus
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RoamingCompliance
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ NetworkIdentifiers
+
-
+
-
+
-
+
-
+
- text/plain
+
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ MacAddress
+
+
+
+
+
+ IPAddressV4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IPAddressV6
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IsConnected
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Type
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ Compliance
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ EncryptionCompliance
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ TPM
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ SpecificationVersion
+
+
+
+
+ Not available
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ OS
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Edition
+
+
+
+
+ Not available
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
- IPAddressV6
-
+ Mode
+
+
+
+
+ Not available
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ Antivirus
+
-
+
-
+
-
+
-
+
- text/plain
+
-
+
+
+ SignatureStatus
+
+
+
+
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
- IsConnected
-
+ Status
+
+
+
+
+ 3
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ Antispyware
+
-
+
-
+
-
+
-
+
- text/plain
+
-
+
+
+ SignatureStatus
+
+
+
+
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
- Type
-
+ Status
+
+
+
+
+ 3
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ Firewall
+
-
+
-
+
-
+
-
+
- text/plain
+
-
+
+
+ Status
+
+
+
+
+ 3
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
-
- Compliance
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- EncryptionCompliance
+ UAC
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+
+ Status
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
- TPM
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- SpecificationVersion
+ Battery
-
-
-
- Not available
-
-
-
-
-
-
-
-
-
-
- text/plain
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+
+ Status
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ EstimatedChargeRemaining
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ EstimatedRuntime
+
+
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
- OS
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Edition
+ DomainName
-
-
-
- Not available
-
-
-
-
-
-
-
-
-
-
- text/plain
-
+
+
+
+ Returns the fully qualified domain name of the device(if any).
+
+
+
+
+
+
+
+
+
+ DomainName
+
+ text/plain
+
-
-
- Mode
-
-
-
-
- Not available
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
- Antivirus
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- SignatureStatus
+ DeviceGuard
-
-
-
- 1
-
-
-
-
-
-
-
-
-
-
- text/plain
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
- Status
-
-
-
-
- 3
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
+
+ VirtualizationBasedSecurityHwReq
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ VirtualizationBasedSecurityStatus
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LsaCfgCredGuardStatus
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
- Antispyware
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- SignatureStatus
+ CertAttestation
-
-
-
- 1
-
-
-
-
-
-
-
-
-
-
- text/plain
-
+
+
+
+ Node for Certificate Attestation
+
+
+
+
+
+
+
+
+
+
+
+
-
-
- Status
-
-
-
-
- 3
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
+
+ MDMClientCertAttestation
+
+
+
+
+ MDM Certificate attestation information. This will return an XML blob containing the relevent attestation fields.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
- Firewall
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Status
-
-
-
-
- 3
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
-
- UAC
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Status
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
-
- Battery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Status
-
-
-
-
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- EstimatedChargeRemaining
-
-
-
-
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- EstimatedRuntime
-
-
-
-
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
-
- DomainName
-
-
-
-
- Returns the fully qualified domain name of the device(if any).
-
-
-
-
-
-
-
-
-
- DomainName
-
- text/plain
-
-
-
-
- DeviceGuard
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- VirtualizationBasedSecurityHwReq
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- VirtualizationBasedSecurityStatus
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- LsaCfgCredGuardStatus
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
-
+
```
diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md
index fe9309086b..0ed5356c9d 100644
--- a/windows/client-management/mdm/devinfo-csp.md
+++ b/windows/client-management/mdm/devinfo-csp.md
@@ -1,7 +1,7 @@
---
title: DevInfo CSP
description: Learn how the DevInfo configuration service provider handles the managed object that provides device information to the OMA DM server.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -43,7 +43,7 @@ DevInfo
----Lang
```
-**DevId**
+**DevId**
Required. Returns an application-specific global unique device identifier by default.
Supported operation is Get.
@@ -55,30 +55,30 @@ The **UseHWDevID** parm of the [DMAcc configuration service provider](dmacc-csp.
- For dual SIM phones, this value is retrieved from the UICC of the primary data line.
- For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns an application specific global unique identifier (GUID) irrespective of the value of UseHWDevID.
-**Man**
+**Man**
Required. Returns the name of the OEM. For Windows 10 for desktop editions, it returns the SystemManufacturer as defined in HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer.
If no name is found, this returns to "Unknown".
Supported operation is Get.
-**Mod**
+**Mod**
Required. Returns the name of the hardware device model as specified by the mobile operator. For Windows 10/Windows 11 desktop editions, it returns the SystemProductName as defined in HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName.
If no name is found, this returns to "Unknown".
Supported operation is Get.
-**DmV**
+**DmV**
Required. Returns the current management client revision of the device.
Supported operation is Get.
-**Lang**
+**Lang**
Required. Returns the current user interface (UI) language setting of the device as defined by RFC1766.
Supported operation is Get.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index ae70ac7ba1..98492f8b3f 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DevInfo DDF file
description: Learn about the OMA DM device description framework (DDF) for the DevInfo configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **DevInfo** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 119d455dec..8924241e4d 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -1,7 +1,7 @@
---
title: DiagnosticLog CSP
description: Learn about the feature areas of the DiagnosticLog configuration service provider (CSP), including the DiagnosticLog area and Policy area.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -102,7 +102,7 @@ The data type is string.
Expected value:
Set and Execute are functionality equivalent, and each accepts a `Collection` XML snippet (as a string) describing what data to gather and where to upload it. The results are zipped and uploaded to the specified SasUrl. The zipped filename format is "DiagLogs-{ComputerName}-YYYYMMDDTHHMMSSZ.zip".
-With Windows 10 KB5011543, Windows 11 KB5011563, we have added support for an extra element that will determine whether the output file generated by the CSP is a flattened folder structure, instead of having individual folders for each directive in the XML.
+With Windows 10 KB5011543, Windows 11 KB5011563, we have added support for an extra element that will determine whether the output file generated by the CSP is a flattened folder structure, instead of having individual folders for each directive in the XML.
The following example shows a `Collection` XML:
@@ -195,7 +195,7 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain
- **OutputFileFormat**
- Flattens folder structure, instead of having individual folders for each directive in the XML.
- - The value “Flattened” is the only supported value for the OutputFileFormat. If the OutputFileFormat is absent in the XML, or if explicitly set to something other than Flattened, it will leave the file structure in old structure.
+ - The value “Flattened” is the only supported value for the OutputFileFormat. If the OutputFileFormat is absent in the XML, or if explicitly set to something other than Flattened, it will leave the file structure in old structure.
**DiagnosticArchive/ArchiveResults**
Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run.
@@ -268,7 +268,7 @@ la--- 1/4/2021 2:45 PM 2
la--- 12/2/2020 6:27 PM 2701 results.xml
```
-Each data gathering directive from the original `Collection` XML corresponds to a folder in the output.
+Each data gathering directive from the original `Collection` XML corresponds to a folder in the output.
For example, the first directive was:
```xml
@@ -565,7 +565,7 @@ The data type is string.
Default string is as follows:
-`https://docs.microsoft.com/windows/'desktop/WES/eventmanifestschema-channeltype-complextype`
+`https://learn.microsoft.com/windows/'desktop/WES/eventmanifestschema-channeltype-complextype`
Add **SDDL**
@@ -921,7 +921,7 @@ For each channel node, the user can:
- Enable or disable the channel from Event Log service to allow or disallow event data being written into the channel.
- Specify an XPath query to filter events while exporting the channel event data.
-For more information about using DiagnosticLog to collect logs remotely from a PC or mobile device, see [Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md).
+For more information about using DiagnosticLog to collect logs remotely from a PC or mobile device, see [Diagnose MDM failures in Windows 10]((../diagnose-mdm-failures-in-windows-10.md).
To gather diagnostics using this CSP:
@@ -1677,4 +1677,4 @@ To read a log file:
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index 379b38b3fe..05a0e4d332 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -1,7 +1,7 @@
---
title: DiagnosticLog DDF
description: Learn about the the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The content below are the latest versions of the DDF files:
@@ -2028,7 +2028,7 @@ The content below are the latest versions of the DDF files:
- SDDL String controlling access to the channel. Default: https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype
+ SDDL String controlling access to the channel. Default: https://learn.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype
@@ -2178,9 +2178,3 @@ The content below are the latest versions of the DDF files:
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index ad9d6ccc76..8218509c6f 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -1,7 +1,7 @@
---
title: DMAcc CSP
description: Learn how the DMAcc configuration service provider (CSP) allows an OMA Device Management (DM) version 1.2 server to handle OMA DM account objects.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -71,76 +71,76 @@ DMAcc
----------------DisableOnRoaming
----------------SSLCLIENTCERTSEARCHCRITERIA
```
-**DMAcc**
+**DMAcc**
Required. Defines the root node of all OMA DM server accounts that use the OMA DM version 1.2 protocol.
-***AccountUID***
+***AccountUID***
Optional. Defines the unique identifier for an OMA DM server account that uses the OMA DM version 1.2 protocol.
For a [w7 APPLICATION configuration service provider](w7-application-csp.md) bootstrapped account, this element is assigned a unique name by the OMA DM Client. The unique name is the hexadecimal representation of the 256-bit SHA-2 hash of the provider ID. The OMA DM server can change this node name in subsequent OMA DM sessions.
-***AccountUID*/AppID**
+***AccountUID*/AppID**
Required. Specifies the application identifier for the OMA DM account.
This value must be set to "w7".
Value type is string. Supported operations are Add, Get, and Replace.
-***AccountUID*/ServerID**
+***AccountUID*/ServerID**
Required. Specifies the OMA DM server's unique identifier for the current OMA DM account. This value is case-sensitive.
Value type is string. Supported operations are Add, Get, and Replace.
-***AccountUID*/Name**
+***AccountUID*/Name**
Optional. Specifies the display name of the application.
Value type is string. Supported operations are Add, Get, and Replace.
-***AccountUID*/PrefConRef**
+***AccountUID*/PrefConRef**
Optional. Specifies the preferred connectivity for the OMA DM account.
This element contains either a URI to a NAP management object or a connection GUID used by Connection Manager. If this element is missing, the device uses the default connection that is provided by Connection Manager.
Value type is string. Supported operations are Add, Get, and Replace.
-***AccountUID*/AppAddr**
+***AccountUID*/AppAddr**
Interior node for DM server address.
Required.
-**AppAddr/***ObjectName*
+**AppAddr/***ObjectName*
Required. Defines the OMA DM server address. Only one server address can be configured.
When the [w7 APPLICATION configuration service provider](w7-application-csp.md) is being mapped to the DMAcc Configuration Service Provider, the name of this element is "1". This DM address is the first one encountered in the w7 APPLICATION configuration service provider; other DM accounts are ignored.
-***ObjectName*/Addr**
+***ObjectName*/Addr**
Required. Specifies the address of the OMA DM account. The type of address stored is specified by the AddrType element.
Value type is string. Supported operations are Add, Get, and Replace.
-***ObjectName*/AddrType**
+***ObjectName*/AddrType**
Required. Specifies the format and interpretation of the Addr node value. The default is "URI".
The default value of "URI" specifies that the OMA DM account address in **Addr** is a URI address. A value of "IPv4" specifies that the OMA DM account address in **Addr** is an IP address.
Value type is string. Supported operations are Add, Get, and Replace.
-***ObjectName*/Port**
+***ObjectName*/Port**
Interior node for port information.
Optional.
-**Port/***ObjectName*
+**Port/***ObjectName*
Required. Only one port number can be configured.
When the [w7 APPLICATION configuration service provider](w7-application-csp.md) is being mapped to the DMAcc Configuration Service Provider, the name of this element is "1".
-***ObjectName*/PortNbr**
+***ObjectName*/PortNbr**
Required. Specifies the port number of the OMA MD account address. This number must be a decimal number that fits within the range of a 16-bit unsigned integer.
Value type is string. Supported operations are Add, Get, and Replace.
-***AccountUID*/AAuthPref**
+***AccountUID*/AAuthPref**
Optional. Specifies the application authentication preference.
A value of "BASIC" specifies that the client attempts BASIC authentication. A value of "DIGEST' specifies that the client attempts MD5 authentication.
@@ -149,98 +149,98 @@ If this value is empty, the client attempts to use the authentication mechanism
Value type is string. Supported operations are Add, Get, and Replace.
-***AccountUID*/AppAuth**
+***AccountUID*/AppAuth**
Optional. Defines authentication settings.
-**AppAuth/***ObjectName*
+**AppAuth/***ObjectName*
Required. Defines one set of authentication settings.
When the [w7 APPLICATION configuration service provider](w7-application-csp.md) is being mapped to the DMAcc Configuration Service Provider, the name of this element is same name as the AAuthLevel value ("CLRED" or "SRVCRED").
-***ObjectName*/AAuthlevel**
+***ObjectName*/AAuthlevel**
Required. Specifies the application authentication level.
A value of "CLCRED" indicates that the credentials client will authenticate itself to the OMA DM server at the OMA DM protocol level. A value of "SRVCRED" indicates that the credentials server will authenticate itself to the OMA DM Client at the OMA DM protocol level.
Value type is string. Supported operations are Add and Replace.
-***ObjectName*/AAuthType**
+***ObjectName*/AAuthType**
Required. Specifies the authentication type.
If the AAuthlevel is "CLCRED", the supported values are "BASIC" and "DIGEST". If the AAuthlevel is "SRVCRED", the supported value is "DIGEST".
Value type is string. Supported operations are Add, Get, and Replace.
-***ObjectName*/AAuthName**
+***ObjectName*/AAuthName**
Optional. Specifies the authentication name.
Value type is string. Supported operations are Add, Get, and Replace.
-***ObjectName*/AAuthSecret**
+***ObjectName*/AAuthSecret**
Optional. Specifies the password or secret used for authentication.
Value type is string. Supported operations are Add and Replace.
-***ObjectName*/AAuthData**
+***ObjectName*/AAuthData**
Optional. Specifies the next nonce used for authentication.
"Nonce" refers to a number used once. It's often a random or pseudo-random number issued in an authentication protocol to ensure that old communications can't be reused in repeat attacks.
Value type is binary. Supported operations are Add and Replace.
-***AccountUID*/Ext**
+***AccountUID*/Ext**
Required. Defines a set of extended parameters.
This element holds vendor-specific information about the OMA DM account and is created automatically when the OMA DM account is created.
-**Ext/Microsoft**
+**Ext/Microsoft**
Required. Defines a set of Microsoft-specific extended parameters.
This element is created automatically when the OMA DM account is created.
-**Microsoft/BackCompatRetryDisabled**
+**Microsoft/BackCompatRetryDisabled**
Optional. Specifies whether to retry resending a package with an older protocol version (for example, 1.1) in the SyncHdr on subsequent attempts (not including the first time). The default is "FALSE".
The default value of "FALSE" indicates that backward-compatible retries are enabled. A value of "TRUE" indicates that backward-compatible retries are disabled.
Value type is bool. Supported operations are Add, Get, and Replace.
-**Microsoft/ConnRetryFreq**
+**Microsoft/ConnRetryFreq**
Optional. Specifies the number of retries the DM client performs when there are Connection Manager level or wininet level errors.
The default value is 3.
Value type is integer. Supported operations are Add, Get, and Replace.
-**Microsoft/DefaultEncoding**
+**Microsoft/DefaultEncoding**
Optional. Specifies whether the OMA DM client will use WBXML or XML for the DM package when communicating with the server. The default is "application/vnd.syncml.dm+xml".
The default value of "application/vnd.syncml.dm+xml" specifies that XML is used. A value of "application/vnd.syncml.dm+wbxml" specifies that WBXML is used.
Value type is string. Supported operations are Add, Get, and Replace.
-**Microsoft/InitialBackOffTime**
+**Microsoft/InitialBackOffTime**
Optional. Specifies the initial wait time in milliseconds when the OMA DM client retries for the first time. The wait time grows exponentially.
The default value is 16000.
Value type is integer. Supported operations are Add, Get, and Replace.
-**Microsoft/MaxBackOffTime**
+**Microsoft/MaxBackOffTime**
Optional. This node specifies the maximum number of milliseconds to wait before attempting a connection retry.
The default value is 86400000.
Value type is integer. Supported operations are Add, Get, and Replace.
-**Microsoft/ProtoVer**
+**Microsoft/ProtoVer**
Optional. Specifies the OMA DM Protocol version that the server supports. There's no default value.
Valid values are "1.1" and "1.2". The protocol version set by this element will match the protocol version that the DM client reports to the server in SyncHdr in package 1. If this element isn't specified when adding a DM server account, the latest DM protocol version that the client supports is used. Windows 10 clients support version 1.2.
Value type is string. Supported operations are Add, Get, and Replace.
-**Microsoft/Role**
+**Microsoft/Role**
Required. Specifies the role mask that the OMA DM session runs with when it communicates with the server.
If this parameter isn't present, the DM session is given the role mask of the OMA DM session that the server created. The following list shows the valid security role masks and their values.
@@ -254,7 +254,7 @@ The acceptable access roles for this node can't be more than the roles assigned
Value type is integer. Supported operations are Get and Replace.
-**Microsoft/UseHWDevID**
+**Microsoft/UseHWDevID**
Optional. Specifies whether to use the hardware ID for the ./DevInfo/DevID element in the DM account to identify the device. The default is "FALSE".
The default value of "FALSE" specifies that an application-specific GUID is returned for the ./DevInfo/DevID rather than the hardware device ID.
@@ -267,7 +267,7 @@ A value is "TRUE" specifies that the hardware device ID will be provided for the
Value type is bool. Supported operations are Add, Get, and Replace.
-**Microsoft/UseNonceResync**
+**Microsoft/UseNonceResync**
Optional. Specifies whether the OMA DM client should use the nonce resynchronization procedure if the server trigger notification fails authentication. The default is "FALSE".
If the authentication fails because the server nonce doesn't match the server nonce that is stored on the device, then the device can use the backup nonce as the server nonce. For this procedure to be successful, if the device didn't authenticate with the preconfigured nonce value, the server must then use the backup nonce when sending the signed server notification message.
@@ -276,17 +276,17 @@ The default value of "FALSE" specifies that the client doesn't try to authentica
Value type is bool. Supported operations are Add, Get, and Replace.
-**CRLCheck**
+**CRLCheck**
Optional. Allows connection to the DM server to check the Certificate Revocation List (CRL). Set to true to enable SSL revocation.
Value type is bool. Supported operations are Add, Get, and Replace.
-**DisableOnRoaming**
+**DisableOnRoaming**
Optional. Determines whether the OMA DM client should be launched when roaming.
Value type is bool. Supported operations are Add, Get, and Replace.
-**SSLCLIENTCERTSEARCHCRITERIA**
+**SSLCLIENTCERTSEARCHCRITERIA**
Optional. The SSLCLIENTCERTSEARCHCRITERIA parameter is used to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. If any other criteria are provided, it's ignored.
The string is a concatenation of name/value pairs, each member of the pair delimited by the "&" character. The name and values are delimited by the "=" character. If there are multiple values, each value is delimited by the Unicode character "U+F000". If the name or value contains characters not in the UNRESERVED set (as specified in RFC2396), then those characters are URI-escaped per the RFC.
@@ -301,17 +301,17 @@ Stores specifies which certificate stores the DM client will search to find the
Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following schema:
```xml
-
```
Value type is string. Supported operations are Add, Get, and Replace.
-**InitiateSession**
+**InitiateSession**
Optional. When this node is added, a session is started with the MDM server.
Supported operations are Add, and Replace.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index 4ba6320269..2d0f472a36 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DMAcc DDF file
description: Learn about the OMA DM device description framework (DDF) for the DMAcc configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **DMAcc** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index dbaec53d02..6013c649ce 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -1,7 +1,7 @@
---
title: DMClient CSP
description: Understand how the DMClient configuration service provider (CSP) is used to specify enterprise-specific mobile device management (MDM) configuration settings.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -93,36 +93,36 @@ DMClient
----UpdateManagementServiceAddress
```
-**./Vendor/MSFT**
+**./Vendor/MSFT**
All the nodes in this CSP are supported in the device context, except for the **ExchangeID** node, which is supported in the user context. For the device context, use the **./Device/Vendor/MSFT** path and for the user context, use the **./User/Vendor/MSFT** path.
-**DMClient**
+**DMClient**
Root node for the CSP.
-**UpdateManagementServiceAddress**
+**UpdateManagementServiceAddress**
For provisioning packages only. Specifies the list of servers (semicolon delimited). The first server in the semicolon-delimited list is the server that will be used to instantiate MDM sessions. The list can be a permutation or a subset of the existing server list. You can't add new servers to the list using this node.
-**HWDevID**
+**HWDevID**
Added in Windows 10, version 1703. Returns the hardware device ID.
Supported operation is Get. Value type is string.
-**Provider**
+**Provider**
Required. The root node for all settings that belong to a single management server. Scope is permanent.
Supported operation is Get.
-**Provider/***ProviderID*
+**Provider/***ProviderID*
Required. This node contains the URI-encoded value of the bootstrapped device management account’s Provider ID. Scope is dynamic. This value is set and controlled by the MDM provider. As a best practice, use text that doesn’t require XML/URI escaping.
Supported operations are Get and Add.
-**Provider/*ProviderID*/EntDeviceName**
+**Provider/*ProviderID*/EntDeviceName**
Optional. Character string that contains the user-friendly device name used by the IT admin console. The value is set during the enrollment process using the DMClient CSP. You can retrieve it later during an OMA DM session.
Supported operations are Get and Add.
-**Provider/*ProviderID*/EntDMID**
+**Provider/*ProviderID*/EntDMID**
Optional. Character string that contains the unique enterprise device ID. The value is set by the management server during the enrollment process using the DMClient CSP. You can retrieve it later during an OMA DM session.
Supported operations are Get and Add.
@@ -131,7 +131,7 @@ Supported operations are Get and Add.
> Although hardware device IDs are guaranteed to be unique, there's a concern that this isn't ultimately enforceable during a DM session. The device ID could be changed through the w7 APPLICATION CSP’s **USEHWDEVID** parm by another management server. So during enterprise bootstrap and enrollment, a new device ID is specified by the enterprise server.
This node is required and must be set by the server before the client certificate renewal is triggered.
-**Provider/*ProviderID*/ExchangeID**
+**Provider/*ProviderID*/ExchangeID**
Optional. Character string that contains the unique Exchange device ID used by the Outlook account of the user the session is running against. The enterprise management server can correlate and merge records for:
- A device that's managed by Exchange.
@@ -155,17 +155,17 @@ The following XML is a Get command example:
```
-**Provider/*ProviderID*/SignedEntDMID**
+**Provider/*ProviderID*/SignedEntDMID**
Optional. Character string that contains the device ID. This node and the nodes **CertRenewTimeStamp** can be used by the MDM provider to verify client identity to update the registration record after the device certificate is renewed. The device signs the **EntDMID** with the old client certificate during the certificate renewal process and saves the signature locally.
Supported operation is Get.
-**Provider/*ProviderID*/CertRenewTimeStamp**
+**Provider/*ProviderID*/CertRenewTimeStamp**
Optional. The time in OMA DM standard time format. This node is designed to reduce the risk of the certificate being used by another device. The device records the time that the new certificate was created.
Supported operation is Get.
-**Provider/*ProviderID*/ManagementServiceAddress**
+**Provider/*ProviderID*/ManagementServiceAddress**
Required. The character string that contains the device management server address. It can be updated during an OMA DM session by the management server. It allows the server to load balance to another server when too many devices are connected to the server.
> [!NOTE]
@@ -179,27 +179,27 @@ During a DM session, the device will use the first address on the list and then
Supported operations are Add, Get, and Replace.
-**Provider/*ProviderID*/UPN**
+**Provider/*ProviderID*/UPN**
Optional. Allows the management server to update the User Principal Name (UPN) of the enrolled user. This information is useful when the user's email address changes in the identity system. Or, when the user enters an invalid UPN during enrollment, and fixes the UPN during federated enrollment. The UPN will be recorded and the UX will reflect the updated UPN.
Supported operations are Get and Replace.
-**Provider/*ProviderID*/HelpPhoneNumber**
+**Provider/*ProviderID*/HelpPhoneNumber**
Optional. The character string that allows the user experience to include a customized help phone number. Users can see this information if they need help or support.
Supported operations are Get, Replace, and Delete.
-**Provider/*ProviderID*/HelpWebsite**
+**Provider/*ProviderID*/HelpWebsite**
Optional. The character string that allows the user experience to include a customized help website. Users can see this information if they need help or support.
Supported operations are Get, Replace, and Delete
-**Provider/*ProviderID*/HelpEmailAddress**
+**Provider/*ProviderID*/HelpEmailAddress**
Optional. The character string that allows the user experience to include a customized help email address. Users can see this information if they need help or support.
Supported operations are Get, Replace, and Delete.
-**Provider/*ProviderID*/RequireMessageSigning**
+**Provider/*ProviderID*/RequireMessageSigning**
Boolean type. Primarily used for SSL bridging mode where firewalls and proxies are deployed and where device client identity is required. When enabled, every SyncML message from the device will carry an additional HTTP header named MDM-Signature. This header contains BASE64-encoded Cryptographic Message Syntax using a Detached Signature of the complete SyncML message SHA-2 (inclusive of the SyncHdr and SyncBody). Signing is performed using the private key of the management session certificate that was enrolled as part of the enrollment process. The device public key and PKCS9 UTC signing time stamp are included in the authenticated attributes in the signature.
Default value is false, where the device management client doesn't include authentication information in the management session HTTP header. Optionally set to true, where the client authentication information is provided in the management session HTTP header.
@@ -212,7 +212,7 @@ When enabled, the MDM provider should:
Supported operations are Get, Replace, and Delete.
-**Provider/*ProviderID*/SyncApplicationVersion**
+**Provider/*ProviderID*/SyncApplicationVersion**
Optional. Used by the management server to set the DM session version that the server and device should use. Default is 1.0. In Windows 10, the DM session protocol version of the client is 2.0. If the server is updated to support 2.0, then you should set this value to 2.0. In the next session, check to see if there's a client behavior change between 1.0 and 2.0.
> [!NOTE]
@@ -222,19 +222,19 @@ Once you set the value to 2.0, it won't go back to 1.0.
Supported operations are Get, Replace, and Delete.
-**Provider/*ProviderID*/MaxSyncApplicationVersion**
+**Provider/*ProviderID*/MaxSyncApplicationVersion**
Optional. Used by the client to indicate the latest DM session version that it supports. Default is 2.0.
When you query this node, a Windows 10 client will return 2.0 and a Windows 8.1 client will return an error code (404 node not found).
Supported operation is Get.
-**Provider/*ProviderID*/AADResourceID**
+**Provider/*ProviderID*/AADResourceID**
Optional. This ResourceID is used when requesting the user token from the OMA DM session for Azure Active Directory (Azure AD) enrollments (Azure AD Join or Add Accounts). The token is audience-specific, which allows for different service principals (enrollment vs. device management). It can be an application ID or the endpoint that you're trying to access.
-For more information about Azure AD enrollment, see [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md).
+For more information about Azure AD enrollment, see [Azure Active Directory integration with MDM](../azure-active-directory-integration-with-mdm.md).
-**Provider/*ProviderID*/EnableOmaDmKeepAliveMessage**
+**Provider/*ProviderID*/EnableOmaDmKeepAliveMessage**
Added in Windows 10, version 1511. A boolean value that specifies whether the DM client should send out a request pending alert in case the device response to a DM request is too slow.
When the server sends a configuration request, the client can take longer than the HTTP timeout to get all information together. The session might end unexpectedly because of the timeout. By default, the MDM client doesn't send an alert that a DM request is pending.
@@ -260,7 +260,7 @@ Here's an example of DM message sent by the device when it's in pending state:
2
- 1224
+ 1224
Reversed-Domain-Name:com.microsoft.mdm.requestpending
@@ -272,27 +272,27 @@ Here's an example of DM message sent by the device when it's in pending state:
```
-**Provider/*ProviderID*/AADDeviceID**
+**Provider/*ProviderID*/AADDeviceID**
Added in Windows 10, version 1607. Returns the device ID for the Azure AD device registration.
Supported operation is Get.
-**Provider/*ProviderID*/EnrollmentType**
+**Provider/*ProviderID*/EnrollmentType**
Added in Windows 10, version 1607. Returns the enrollment type (Device or Full).
Supported operation is Get.
-**Provider/*ProviderID*/HWDevID**
+**Provider/*ProviderID*/HWDevID**
Added in Windows 10, version 1607. Returns the hardware device ID.
Supported operation is Get.
-**Provider/*ProviderID*/CommercialID**
+**Provider/*ProviderID*/CommercialID**
Added in Windows 10, version 1607. It configures the identifier that uniquely associates the device's diagnostic data belonging to the organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization, then use this setting to provide that identification. The value for this setting is provided by Microsoft in the onboarding process for the program. If you disable or don't configure this policy setting, then Microsoft can't use this identifier to associate this machine and its diagnostic data with your organization.
Supported operations are Add, Get, Replace, and Delete.
-**Provider/*ProviderID*/ManagementServerAddressList**
+**Provider/*ProviderID*/ManagementServerAddressList**
Added in Windows 10, version 1607. The list of management server URLs in the format <URL1><URL2><URL3>, and so on. If there's only one, the angle brackets (<>) aren't required.
> [!NOTE]
@@ -320,25 +320,25 @@ Supported operations are Get and Replace.
Value type is string.
-**Provider/*ProviderID*/ManagementServerToUpgradeTo**
+**Provider/*ProviderID*/ManagementServerToUpgradeTo**
Optional. Added in Windows 10, version 1703. Specify the Discovery server URL of the MDM provider to upgrade to for a Mobile Application Management (MAM) enrolled device.
Supported operations are Add, Delete, Get, and Replace.
Value type is string.
-**Provider/*ProviderID*/NumberOfDaysAfterLostContactToUnenroll**
+**Provider/*ProviderID*/NumberOfDaysAfterLostContactToUnenroll**
Optional. Number of days after last successful sync to unenroll.
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
Value type is integer.
-**Provider/*ProviderID*/AADSendDeviceToken**
+**Provider/*ProviderID*/AADSendDeviceToken**
Device. Added in Windows 10 version 1803. For Azure AD backed enrollments, this feature will cause the client to send a Device Token if the User Token can't be obtained.
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
Value type is bool.
@@ -347,7 +347,7 @@ The value type is integer/enum.
The value is "1" and it means client should always send Azure Active Directory device token during check-in/sync.
-**Provider/*ProviderID*/Poll**
+**Provider/*ProviderID*/Poll**
Optional. Polling schedules must use the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated.
Supported operations are Get and Add.
@@ -391,7 +391,7 @@ If there's no infinite schedule set, then a 24-hour schedule is created and sche
|NumberOfSecondRetries|0|0|
|IntervalForRemainingScheduledRetries|0|0|
|NumberOfRemainingScheduledRetries|0|0|
-
+
**Invalid poll schedule: two infinite schedules**
|Schedule name|Schedule set by server|Actual schedule set on device|Actual experience|
@@ -407,14 +407,14 @@ If the device was previously enrolled in MDM with polling schedule configured us
When using the DMClient CSP to configure polling schedule parameters, the server must not set all six polling parameters to 0, or set all three number of retry nodes to 0. It will cause a configuration failure.
-**Provider/*ProviderID*/Poll/IntervalForFirstSetOfRetries**
+**Provider/*ProviderID*/Poll/IntervalForFirstSetOfRetries**
Optional. The waiting time (in minutes) for the initial set of retries, which is the number of retries in `//Poll/NumberOfFirstRetries`. If IntervalForFirstSetOfRetries isn't set, then the default value is used. The default value is 15. If the value is set to 0, this schedule is disabled.
Supported operations are Get and Replace.
The IntervalForFirstSetOfRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\AuxRetryInterval path that previously used the Registry CSP.
-**Provider/*ProviderID*/Poll/NumberOfFirstRetries**
+**Provider/*ProviderID*/Poll/NumberOfFirstRetries**
Optional. The number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server. If the value is set to 0 and the IntervalForFirstSetOfRetries value isn't 0, then the schedule will be set to repeat an infinite number of times and second set and this set of schedule won't set in this case. The default value is 10.
Supported operations are Get and Replace.
@@ -423,14 +423,14 @@ The NumberOfFirstRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enro
The first set of retries gives the management server some buffered time to be ready to send policy and setting configurations to the device. The total time for first set of retries shouldn't be more than a few hours. The server shouldn't set NumberOfFirstRetries to 0. RemainingScheduledRetries is used for the long run device polling schedule.
-**Provider/*ProviderID*/Poll/IntervalForSecondSetOfRetries**
+**Provider/*ProviderID*/Poll/IntervalForSecondSetOfRetries**
Optional. The waiting time (in minutes) for the second set of retries, which is the number of retries in `//Poll/NumberOfSecondRetries`. Default value is 0. If this value is set to zero, then this schedule is disabled.
Supported operations are Get and Replace.
The IntervalForSecondSetOfRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\RetryInterval path that previously used the Registry CSP.
-**Provider/*ProviderID*/Poll/NumberOfSecondRetries**
+**Provider/*ProviderID*/Poll/NumberOfSecondRetries**
Optional. The number of times the DM client should retry a second round of connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is set to 0 and IntervalForSecondSetOfRetries isn't set to 0 AND the first set of retries isn't set as infinite retries, then the schedule repeats an infinite number of times. However, if the first set of retries is set at infinite, then this schedule is disabled.
Supported operations are Get and Replace.
@@ -439,28 +439,28 @@ The NumberOfSecondRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enr
The second set of retries is also optional and temporarily retries that the total duration should be last for more than a day. And the IntervalForSecondSetOfRetries should be longer than IntervalForFirstSetOfRetries. RemainingScheduledRetries is used for the long run device polling schedule.
-**Provider/*ProviderID*/Poll/IntervalForRemainingScheduledRetries**
+**Provider/*ProviderID*/Poll/IntervalForRemainingScheduledRetries**
Optional. The waiting time (in minutes) for the initial set of retries, which is the number of retries in `//Poll/NumberOfRemainingScheduledRetries`. Default value is 0. If IntervalForRemainingScheduledRetries is set to 0, then this schedule is disabled.
Supported operations are Get and Replace.
The IntervalForRemainingScheduledRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\Aux2RetryInterval path that previously used the Registry CSP.
-**Provider/*ProviderID*/Poll/NumberOfRemainingScheduledRetries**
+**Provider/*ProviderID*/Poll/NumberOfRemainingScheduledRetries**
Optional. The number of times the DM client should retry connecting to the server when the client is initially configured/enrolled to communicate with the server. Default value is 0. If the value is set to 0 and IntervalForRemainingScheduledRetries AND the first and second set of retries aren't set as infinite retries, then the schedule will be set to repeat for an infinite number of times. However, if either or both of the first and second set of retries are set as infinite, then this schedule will be disabled.
Supported operations are Get and Replace.
The NumberOfRemainingScheduledRetries replaces the deprecated HKLM\\Software\\Microsoft\\Enrollment\\OmaDmRetry\\Aux2NumRetries path that previously used the Registry CSP.
-The RemainingScheduledRetries is used for the long run device polling schedule.
+The RemainingScheduledRetries is used for the long run device polling schedule.
-**Provider/*ProviderID*/Poll/PollOnLogin**
+**Provider/*ProviderID*/Poll/PollOnLogin**
Optional. Boolean value that allows the IT admin to require the device to start a management session on any user login, even if the user has previously logged in. Login isn't the same as device unlock. Default value is false, where polling is disabled on first login. Supported values are true or false.
Supported operations are Add, Get, and Replace.
-**Provider/*ProviderID*/Poll/AllUsersPollOnFirstLogin**
+**Provider/*ProviderID*/Poll/AllUsersPollOnFirstLogin**
Optional. Boolean value that allows the IT admin to require the device to start a management session on first user login for all NT users. A session is only kicked off the first time a user logs in to the system. Later sign-ins won't trigger an MDM session. Login isn't the same as device unlock. Default value is false, where polling is disabled on first login. Supported values are true or false.
Supported operations are Add, Get, and Replace.
@@ -512,31 +512,31 @@ The supported values for this node are 1-true (allow) and 0-false(not allow). De
This node tracks the status of a Recovery request from the InitiateRecovery node. The values are as follows:
-0 - No Recovery request has been processed.
-1 - Recovery is in Process.
-2 - Recovery has finished successfully.
-3 - Recovery has failed to start because TPM is not available.
-4 - Recovery has failed to start because Azure Active Directory keys are not protected by the TPM.
-5 - Recovery has failed to start because the MDM keys are already protected by the TPM.
-6 - Recovery has failed to start because the TPM is not ready for attestation.
-7 - Recovery has failed because the client cannot authenticate to the server.
+0 - No Recovery request has been processed.
+1 - Recovery is in Process.
+2 - Recovery has finished successfully.
+3 - Recovery has failed to start because TPM is not available.
+4 - Recovery has failed to start because Azure Active Directory keys are not protected by the TPM.
+5 - Recovery has failed to start because the MDM keys are already protected by the TPM.
+6 - Recovery has failed to start because the TPM is not ready for attestation.
+7 - Recovery has failed because the client cannot authenticate to the server.
8 - Recovery has failed because the server has rejected the client's request.
Supported operation is Get only.
**Provider/*ProviderID*/Recovery/InitiateRecovery**
-This node initiates an MDM Recovery operation on the client.
+This node initiates an MDM Recovery operation on the client.
If initiated with argument 0, it triggers MDM Recovery, no matter the state of the device.
-If initiated with argument 1, it triggers only if the MDM certificate’s private key isn’t already protected by the TPM, if there is a TPM to put the private key into, and if the TPM is ready for attestation.
+If initiated with argument 1, it triggers only if the MDM certificate’s private key isn’t already protected by the TPM, if there is a TPM to put the private key into, and if the TPM is ready for attestation.
Supported operation is Exec only.
**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionForBackgroundSync**
-Optional. This node specifies maximum number of concurrent user sync sessions in background.
+Optional. This node specifies maximum number of concurrent user sync sessions in background.
The default value is dynamically decided by the client based on CPU usage.
@@ -548,18 +548,18 @@ Value type is integer. Only applicable for Windows Enterprise multi-session.
**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionAtUserLogonSync**
-Optional. This node specifies maximum number of concurrent user sync sessions at User Login.
+Optional. This node specifies maximum number of concurrent user sync sessions at User Login.
The default value is dynamically decided by the client based on CPU usage.
The values are : 0= none, 1= sequential, anything else= parallel.
-Supported operations are Get, Add, Replace and Delete.
+Supported operations are Get, Add, Replace and Delete.
-Value type is integer. Only applicable for Windows Enterprise multi-session.
+Value type is integer. Only applicable for Windows Enterprise multi-session.
**Provider/*ProviderID*/MultipleSession/IntervalForScheduledRetriesForUserSession**
-Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in `//Poll/NumberOfScheduledRetriesForUserSession`.
+Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in `//Poll/NumberOfScheduledRetriesForUserSession`.
If IntervalForScheduledRetriesForUserSession is not set, then the default value is used. The default value is 0. If the value is set to 0, this schedule is disabled.
@@ -568,9 +568,9 @@ This configuration is only applicable for Windows Multi-session Editions.
Supported operations are Get and Replace.
**Provider/*ProviderID*/MultipleSession/NumberOfScheduledRetriesForUserSession**
-Optional. This node specifies the number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server.
+Optional. This node specifies the number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server.
-If the value is set to 0 and the IntervalForScheduledRetriesForUserSession value is not 0, then the schedule will be set to repeat an infinite number of times.
+If the value is set to 0 and the IntervalForScheduledRetriesForUserSession value is not 0, then the schedule will be set to repeat an infinite number of times.
The default value is 0. This configuration is only applicable for Windows Multi-session Editions.
@@ -578,7 +578,7 @@ Supported operations are Get and Replace.
**Provider/*ProviderID*/ConfigLock**
-Optional. This node enables [Config Lock](config-lock.md) feature. If enabled, policies defined in the Config Lock document will be monitored and quickly remediated when a configuration drift is detected.
+Optional. This node enables [Config Lock](../config-lock.md) feature. If enabled, policies defined in the Config Lock document will be monitored and quickly remediated when a configuration drift is detected.
Default = Locked
@@ -603,22 +603,22 @@ The supported values for this node are false or true.
Supported operation is Get only.
-**Provider/*ProviderID*/Push**
+**Provider/*ProviderID*/Push**
Optional. Not configurable during WAP Provisioning XML. If removed, DM sessions triggered by Push will no longer be supported.
Supported operations are Add and Delete.
-**Provider/*ProviderID*/Push/PFN**
+**Provider/*ProviderID*/Push/PFN**
Required. A string provided by the Windows 10 ecosystem for an MDM solution. Used to register a device for Push Notifications. The server must use the same PFN as the devices it's managing.
Supported operations are Add, Get, and Replace.
-**Provider/*ProviderID*/Push/ChannelURI**
+**Provider/*ProviderID*/Push/ChannelURI**
Required. A string that contains the channel that the WNS client has negotiated for the OMA DM client on the device, based on the PFN that was provided. If no valid PFN is currently set, ChannelURI will return null.
Supported operation is Get.
-**Provider/*ProviderID*/Push/Status**
+**Provider/*ProviderID*/Push/Status**
Required. An integer that maps to a known error state or condition on the system.
Supported operation is Get.
@@ -637,188 +637,188 @@ The status error mapping is listed below.
|7|Failure: push notification received, but unable to establish an OMA-DM session due to power or connectivity limitations.|
|8|Unknown error|
-**Provider/*ProviderID*/CustomEnrollmentCompletePage**
+**Provider/*ProviderID*/CustomEnrollmentCompletePage**
Optional. Added in Windows 10, version 1703.
Supported operations are Add, Delete, and Get.
-**Provider/*ProviderID*/CustomEnrollmentCompletePage/Title**
+**Provider/*ProviderID*/CustomEnrollmentCompletePage/Title**
Optional. Added in Windows 10, version 1703. Specifies the title of the all done page that appears at the end of the MDM enrollment flow.
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
Value type is string.
-**Provider/*ProviderID*/CustomEnrollmentCompletePage/BodyText**
+**Provider/*ProviderID*/CustomEnrollmentCompletePage/BodyText**
Optional. Added in Windows 10, version 1703. Specifies the body text of the all done page that appears at the end of the MDM enrollment flow.
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
Value type is string.
-**Provider/*ProviderID*/CustomEnrollmentCompletePage/HyperlinkHref**
+**Provider/*ProviderID*/CustomEnrollmentCompletePage/HyperlinkHref**
Optional. Added in Windows 10, version 1703. Specifies the URL that's shown at the end of the MDM enrollment flow.
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
Value type is string.
-**Provider/*ProviderID*/CustomEnrollmentCompletePage/HyperlinkText**
+**Provider/*ProviderID*/CustomEnrollmentCompletePage/HyperlinkText**
Optional. Added in Windows 10, version 1703. Specifies the display text for the URL that's shown at the end of the MDM enrollment flow.
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
Value type is string.
-**Provider/*ProviderID*/FirstSyncStatus**
+**Provider/*ProviderID*/FirstSyncStatus**
Optional node. Added in Windows 10, version 1709.
-**Provider/*ProviderID*/FirstSyncStatus/ExpectedPolicies**
+**Provider/*ProviderID*/FirstSyncStatus/ExpectedPolicies**
Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to policies the management service provider expects to configure, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
Value type is string.
-**Provider/*ProviderID*/FirstSyncStatus/ExpectedNetworkProfiles**
+**Provider/*ProviderID*/FirstSyncStatus/ExpectedNetworkProfiles**
Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profiles the management service provider expects to configure, delimited by the character L"\xF000".
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
Value type is string.
-**Provider/*ProviderID*/FirstSyncStatus/ExpectedMSIAppPackages**
+**Provider/*ProviderID*/FirstSyncStatus/ExpectedMSIAppPackages**
Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to configure using the EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. For example, `./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2` This represents App Package ProductID1 containing four apps, and ProductID2 containing two apps.
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
Value type is string.
-**Provider/*ProviderID*/FirstSyncStatus/ExpectedModernAppPackages**
-Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to configure using the EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. For example,
+**Provider/*ProviderID*/FirstSyncStatus/ExpectedModernAppPackages**
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to configure using the EnterpriseModernAppManagement CSP, delimited by the character L"\xF000". The LocURI will be followed by a semicolon and a number, representing the number of apps included in the App Package. We won't verify that number. For example,
``` syntax
-./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000"
+./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000"
./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2
```
This syntax represents App Package PackageFullName containing four apps, and PackageFullName2 containing two apps.
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
Value type is string.
-**Provider/*ProviderID*/FirstSyncStatus/ExpectedPFXCerts**
+**Provider/*ProviderID*/FirstSyncStatus/ExpectedPFXCerts**
Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to certs the management service provider expects to configure using the ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
Value type is string.
-**Provider/*ProviderID*/FirstSyncStatus/ExpectedSCEPCerts**
+**Provider/*ProviderID*/FirstSyncStatus/ExpectedSCEPCerts**
Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to SCEP certs the management service provider expects to configure using the ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).
-Supported operations are Add, Delete, Get, and Replace.
+Supported operations are Add, Delete, Get, and Replace.
Value type is string.
-**Provider/*ProviderID*/FirstSyncStatus/TimeOutUntilSyncFailure**
-Required. Added in Windows 10, version 1709. This node determines how long we'll poll until we surface an error message to the user. The unit of measurement is minutes. Default value will be 60, while maximum value will be 1,440 (one day).
+**Provider/*ProviderID*/FirstSyncStatus/TimeOutUntilSyncFailure**
+Required. Added in Windows 10, version 1709. This node determines how long we'll poll until we surface an error message to the user. The unit of measurement is minutes. Default value will be 60, while maximum value will be 1,440 (one day).
-Supported operations are Get and Replace.
+Supported operations are Get and Replace.
Value type is integer.
-**Provider/*ProviderID*/FirstSyncStatus/ServerHasFinishedProvisioning**
+**Provider/*ProviderID*/FirstSyncStatus/ServerHasFinishedProvisioning**
Required. Added in Windows 10, version 1709. This node is set by the server to inform the UX that the server has finished configuring the device. It was added so that the server can “change its mind" about what it needs to configure on the device. When this node is set, many other DM Client nodes can't be changed. If this node isn't True, the UX will consider the configuration a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED. This node applies to the per user expected policies and resources lists.
-Supported operations are Get and Replace.
+Supported operations are Get and Replace.
Value type is boolean.
-**Provider/*ProviderID*/FirstSyncStatus/IsSyncDone**
+**Provider/*ProviderID*/FirstSyncStatus/IsSyncDone**
Required. Added in Windows 10, version 1709. This node, when doing a get, tells the server if the “First Syncs" are done and the device is fully configured. `Set` triggers the UX to override whatever state it's in, and tell the user that the device is configured. It can't be set from True to False (it won't change its mind if the sync is done), and it can't be set from True to True (to prevent notifications from firing multiple times). This node only applies to the user MDM status page (on a per user basis).
-Supported operations are Get and Replace.
+Supported operations are Get and Replace.
Value type is boolean.
-**Provider/*ProviderID*/FirstSyncStatus/WasDeviceSuccessfullyProvisioned**
+**Provider/*ProviderID*/FirstSyncStatus/WasDeviceSuccessfullyProvisioned**
Required. Added in Windows 10, version 1709. Integer node determining if a device was successfully configured. 0 is failure, 1 is success, 2 is in progress. Once the value is changed to 0 or 1, the value can't be changed again. The client will change the value of success or failure and update the node. The server can force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true. This node only applies to the user MDM status page (on a per user basis).
-Supported operations are Get and Replace.
+Supported operations are Get and Replace.
Value type is integer.
-**Provider/*ProviderID*/FirstSyncStatus/BlockInStatusPage**
+**Provider/*ProviderID*/FirstSyncStatus/BlockInStatusPage**
Required. Device Only. Added in Windows 10, version 1803. This node determines if the MDM progress page is blocking in the Azure AD joined or DJ++ case, and which remediation options are available.
-Supported operations are Get and Replace.
+Supported operations are Get and Replace.
Value type is integer.
-**Provider/*ProviderID*/FirstSyncStatus/AllowCollectLogsButton**
-Required. Added in Windows 10, version 1803. This node decides if the MDM progress page displays the Collect Logs button.
+**Provider/*ProviderID*/FirstSyncStatus/AllowCollectLogsButton**
+Required. Added in Windows 10, version 1803. This node decides if the MDM progress page displays the Collect Logs button.
-Supported operations are Get and Replace.
+Supported operations are Get and Replace.
Value type is bool.
-**Provider/*ProviderID*/FirstSyncStatus/CustomErrorText**
-Required. Added in Windows 10, version 1803. This node allows the MDM to set custom error text, detailing what the user needs to do if there's an error.
+**Provider/*ProviderID*/FirstSyncStatus/CustomErrorText**
+Required. Added in Windows 10, version 1803. This node allows the MDM to set custom error text, detailing what the user needs to do if there's an error.
-Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
Value type is string.
-**Provider/*ProviderID*/FirstSyncStatus/SkipDeviceStatusPage**
+**Provider/*ProviderID*/FirstSyncStatus/SkipDeviceStatusPage**
Required. Device only. Added in Windows 10, version 1803. This node decides if the MDM device progress page skips after Azure AD joined or Hybrid Azure AD joined in OOBE.
-Supported operations are Get and Replace.
+Supported operations are Get and Replace.
Value type is bool.
-**Provider/*ProviderID*/FirstSyncStatus/SkipUserStatusPage**
+**Provider/*ProviderID*/FirstSyncStatus/SkipUserStatusPage**
Required. Device only. Added in Windows 10, version 1803. This node decides if the MDM user progress page skips after Azure AD joined or DJ++ after user login.
-Supported operations are Get and Replace.
+Supported operations are Get and Replace.
Value type is bool.
-**Provider/*ProviderID*/EnhancedAppLayerSecurity**
+**Provider/*ProviderID*/EnhancedAppLayerSecurity**
Required node. Added in Windows 10, version 1709.
Supported operation is Get.
-**Provider/*ProviderID*/EnhancedAppLayerSecurity/SecurityMode**
+**Provider/*ProviderID*/EnhancedAppLayerSecurity/SecurityMode**
Required. Added in Windows 10, version 1709. This node specifies how the client will do the app layer signing and encryption. 0: no op; 1: sign only; 2: encrypt only; 3: sign and encrypt. The default value is 0.
-Supported operations are Add, Get, Replace, and Delete.
+Supported operations are Add, Get, Replace, and Delete.
Value type is integer.
-**Provider/*ProviderID*/EnhancedAppLayerSecurity/UseCertIfRevocationCheckOffline**
+**Provider/*ProviderID*/EnhancedAppLayerSecurity/UseCertIfRevocationCheckOffline**
Required. Added in Windows 10, version 1709. When this node is set, it tells the client to use the certificate even when the client can't check the certificate's revocation status because the device is offline. The default value is set.
-Supported operations are Add, Get, Replace, and Delete.
+Supported operations are Add, Get, Replace, and Delete.
Value type is boolean.
-**Provider/*ProviderID*/EnhancedAppLayerSecurity/Cert0**
+**Provider/*ProviderID*/EnhancedAppLayerSecurity/Cert0**
Required. Added in Windows 10, version 1709. The node contains the primary certificate - the public key to use.
-Supported operations are Add, Get, Replace, and Delete.
+Supported operations are Add, Get, Replace, and Delete.
Value type is string.
-**Provider/*ProviderID*/EnhancedAppLayerSecurity/Cert1**
+**Provider/*ProviderID*/EnhancedAppLayerSecurity/Cert1**
Required. Added in Windows 10, version 1709. The node contains the secondary certificate - the public key to use.
-Supported operations are Add, Get, Replace, and Delete.
+Supported operations are Add, Get, Replace, and Delete.
Value type is string.
-**Provider/*ProviderID*/Unenroll**
+**Provider/*ProviderID*/Unenroll**
Required. The node accepts unenrollment requests using the OMA DM Exec command and calls the enrollment client to unenroll the device from the management server whose provider ID is specified in the `` tag under the `` element. Scope is permanent.
Supported operations are Get and Exec.
@@ -837,7 +837,7 @@ The following SyncML shows how to remotely unenroll the device. This command sho
chr
- TestMDMServer
+ TestMDMServer
@@ -845,4 +845,4 @@ The following SyncML shows how to remotely unenroll the device. This command sho
## Related articles
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index 2f7ca1fb7e..83705437e0 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DMClient DDF file
description: Learn about the OMA DM device description framework (DDF) for the DMClient configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -16,7 +16,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **DMClient** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is for Windows 10, version 1803.
diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
deleted file mode 100644
index 471f590bc9..0000000000
--- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
+++ /dev/null
@@ -1,166 +0,0 @@
----
-title: DMProcessConfigXMLFiltered function
-description: Learn how the DMProcessConfigXMLFiltered function configures phone settings by using OMA Client Provisioning XML.
-Search.Refinement.TopicID: 184
-ms.reviewer:
-manager: aaroncz
-topic_type:
- - apiref
-api_name:
- - DMProcessConfigXMLFiltered
-api_location:
- - dmprocessxmlfiltered.dll
-api_type:
- - DllExport
-ms.author: vinpa
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: vinaypamnani-msft
-ms.date: 06/26/2017
----
-
-# DMProcessConfigXMLFiltered function
-
-> [!Important]
-> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. For more information about the new process for provisioning connectivity configuration, see [Connectivity configuration](/previous-versions//dn757424(v=vs.85)). However, this function is still supported for other OEM uses.
-
-
-Configures phone settings by using OMA Client Provisioning XML. Use of this function is strictly limited to the following scenarios.
-
-- Adding dynamic credentials for OMA Client Provisioning.
-
-- Manufacturing test applications. These applications and the supporting drivers must be removed from the phones before they're sold.
-
-Microsoft recommends that this function isn't used to configure the following types of settings:
-
-- Security settings that are configured using CertificateStore, SecurityPolicy, and RemoteWipe, unless they're related to OMA DM or OMA Client Provisioning security policies
-
-- Non-cellular data connection settings (such as Hotspot settings).
-
-- File system files and registry settings, unless they're used for OMA DM account management, mobile operator data connection settings, or manufacturing tests
-
-- Email settings
-
-> [!Note]
-> The **DMProcessConfigXMLFiltered** function has full functionality in Windows Phone 8.1, but it has a read-only functionality in Windows 10.
-
-
-
-## Syntax
-
-```C++
-HRESULT STDAPICALLTYPE DMProcessConfigXMLFiltered(
- LPCWSTR pszXmlIn,
- const WCHAR **rgszAllowedCspNode,
- const DWORD dwNumAllowedCspNodes,
- BSTR *pbstrXmlOut
-);
-```
-
-## Parameters
-
-*pszXmlIn*
-
-- [in] The null–terminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. **DMProcessConfigXMLFiltered** accepts only OMA Client Provisioning XML (also known as WAP provisioning). It doesn't accept OMA DM SyncML XML (also known as SyncML).
-
-*rgszAllowedCspNode*
-
-- [in] Array of `WCHAR` that specify which configuration service provider nodes can be invoked.
-
-*dwNumAllowedCspNodes*
-
-- [in] Number of elements passed in rgszAllowedCspNode.
-
-*pbstrXmlOut*
-
-- [out] The resulting null–terminated XML from configuration. The caller of **DMProcessConfigXMLFiltered** is responsible for cleanup of the output buffer that the pbstrXmlOut parameter references. Use **SysFreeString** to free the memory.
-
-If **DMProcessConfigXMLFiltered** retrieves a document, the *pbstrXmlOut* holds the XML output (in string form) of the provisioning operations. If **DMProcessConfigXMLFiltered** returns a failure, the XML output often contains "error nodes" that indicate which elements of the original XML failed. If the input document doesn't contain queries and is successfully processed, the output document should resemble the input document. In some error cases, no output is returned.
-
-## Return value
-
-Returns the standard **HRESULT** value **S\_OK** to indicate success. The following table shows more error codes that can be returned:
-
-|Return code|Description|
-|--- |--- |
-|**CONFIG_E_OBJECTBUSY**|Another instance of the configuration management service is currently running.|
-|**CONFIG_E_ENTRYNOTFOUND**|No metabase entry was found.|
-|**CONFIG_E_CSPEXCEPTION**|An exception occurred in one of the configuration service providers.|
-|**CONFIG_E_TRANSACTIONINGFAILURE**|A configuration service provider failed to roll back properly. The affected settings might be in an unknown state.|
-|**CONFIG_E_BAD_XML**|The XML input is invalid or malformed.|
-
-## Remarks
-
-The processing of the XML is transactional. Either the entire document gets processed successfully, or none of the settings are processed. So, the **DMProcessConfigXMLFiltered** function processes only one XML configuration request at a time.
-
-The usage of **DMProcessConfigXMLFiltered** depends on the configuration service providers that are used. For example, if the input `.provxml` contains the following two settings:
-
-``` XML
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-```
-
-Then, the second parameter in the call to **DMProcessConfigXMLFiltered** would have to have the following definition.
-
-``` C++
-LPCWSTR rgszAllowedCspNodes[] =
-{
- L"NAPDEF",
- L"BrowserFavorite"
-};
-```
-
-This array of configuration service provider names indicates which `.provxml` contents should be present. If the provxml contains "EMAIL2" provisioning but *rgszAllowedCspNodes* doesn't contain EMAIL2, then **DMProcessConfigXMLFiltered** fails with an **E\_ACCESSDENIED** error code.
-
-The following code sample shows how this array would be passed in. The *szProvxmlContent* doesn't show the full XML contents for brevity. In actual usage, the "…" would contain the full XML string shown above.
-
-``` C++
-WCHAR szProvxmlContent[] = L"...";
-BSTR bstr = NULL;
-
-HRESULT hr = DMProcessConfigXMLFiltered(
- szProvxmlContent,
- rgszAllowedCspNodes,
- _countof(rgszAllowedCspNodes),
- &bstr
- );
-
-/* check error */
-
-if ( bstr != NULL )
-{
- SysFreeString( bstr );
- bstr = NULL;
-}
-```
-
-## Requirements
-
-|Requirement|Support|
-|--- |--- |
-|Minimum supported client|None supported|
-|Minimum supported server|None supported|
-|Minimum supported phone|Windows Phone 8.1|
-|Header|Dmprocessxmlfiltered.h|
-|Library|Dmprocessxmlfiltered.lib|
-|DLL|Dmprocessxmlfiltered.dll|
-
-## See also
-
-[**SysFreeString**](/windows/win32/api/oleauto/nf-oleauto-sysfreestring)
-
diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md
index e9c3080fba..7d1f209458 100644
--- a/windows/client-management/mdm/dmsessionactions-csp.md
+++ b/windows/client-management/mdm/dmsessionactions-csp.md
@@ -7,7 +7,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 06/26/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -24,7 +24,7 @@ The table below shows the applicability of Windows:
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-The DMSessionActions configuration service provider (CSP) is used to manage:
+The DMSessionActions configuration service provider (CSP) is used to manage:
- the number of sessions the client skips if the device is in a low-power state.
- which CSP nodes should send an alert back to the server if there were any changes.
@@ -73,58 +73,58 @@ DMSessionActions
------------MaxTimeSessionsSkippedInLowPowerState
```
-**./Device/Vendor/MSFT/DMSessionActions or ./User/Vendor/MSFT/DMSessionActions**
+**./Device/Vendor/MSFT/DMSessionActions or ./User/Vendor/MSFT/DMSessionActions**
Defines the root node for the DMSessionActions configuration service provider.
-***ProviderID***
-Group settings per device management (DM) server. Each group of settings is distinguished by the Provider ID of the server. It must be the same DM server Provider ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. Only one enterprise management server is supported, which means there should be only one ProviderID node under NodeCache.
+***ProviderID***
+Group settings per device management (DM) server. Each group of settings is distinguished by the Provider ID of the server. It must be the same DM server Provider ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. Only one enterprise management server is supported, which means there should be only one ProviderID node under NodeCache.
Scope is dynamic. Supported operations are Get, Add, and Delete.
-***ProviderID*/CheckinAlertConfiguration**
+***ProviderID*/CheckinAlertConfiguration**
Node for the custom configuration of alerts to be sent during MDM sync session.
-***ProviderID*/CheckinAlertConfiguration/Nodes**
+***ProviderID*/CheckinAlertConfiguration/Nodes**
Required. Root node for URIs to be queried. Scope is dynamic.
Supported operation is Get.
-***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID***
+***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID***
Required. Information about each node is stored under NodeID as specified by the server. This value must not contain a comma. Scope is dynamic.
Supported operations are Get, Add, and Delete.
-***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID*/NodeURI**
+***ProviderID*/CheckinAlertConfiguration/Nodes/*NodeID*/NodeURI**
Required. The value is a complete OMA DM node URI. It can specify either an interior node or a leaf node in the device management tree. Scope is dynamic.
-Value type is string.
+Value type is string.
Supported operations are Add, Get, Replace, and Delete.
-**AlertData**
+**AlertData**
Node to query the custom alert per server configuration
-Value type is string.
+Value type is string.
Supported operation is Get.
-**PowerSettings**
+**PowerSettings**
Node for power-related configurations.
-**PowerSettings/MaxSkippedSessionsInLowPowerState**
+**PowerSettings/MaxSkippedSessionsInLowPowerState**
Maximum number of continuous skipped sync sessions when the device is in low-power state.
-Value type is integer.
+Value type is integer.
Supported operations are Add, Get, Replace, and Delete.
-**PowerSettings/MaxTimeSessionsSkippedInLowPowerState**
+**PowerSettings/MaxTimeSessionsSkippedInLowPowerState**
Maximum time in minutes when the device can skip the check-in with the server if the device is in low-power state.
-Value type is integer.
+Value type is integer.
Supported operations are Add, Get, Replace, and Delete.
## Related articles
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md
index fcb5cb106e..c03dc36fde 100644
--- a/windows/client-management/mdm/dmsessionactions-ddf.md
+++ b/windows/client-management/mdm/dmsessionactions-ddf.md
@@ -7,16 +7,16 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/05/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# DMSessionActions DDF file
-This topic shows the OMA DM device description framework (DDF) for the **DMSessionActions** configuration service provider.
+This topic shows the OMA DM device description framework (DDF) for the **DMSessionActions** configuration service provider.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md
index 3e4e54c181..26bf159871 100644
--- a/windows/client-management/mdm/dynamicmanagement-csp.md
+++ b/windows/client-management/mdm/dynamicmanagement-csp.md
@@ -7,7 +7,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 06/26/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.collection: highpri
---
@@ -25,7 +25,7 @@ The table below shows the applicability of Windows:
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-Windows 10 or Windows 11 allows you to manage devices differently depending on location, network, or time. Added in Windows 10, version 1703, the focus is on the most common areas of concern expressed by organizations. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs.
+Windows 10 or Windows 11 allows you to manage devices differently depending on location, network, or time. Added in Windows 10, version 1703, the focus is on the most common areas of concern expressed by organizations. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs.
This CSP was added in Windows 10, version 1703.
@@ -45,13 +45,13 @@ DynamicManagement
----AlertsEnabled
```
-**DynamicManagement**
+**DynamicManagement**
The root node for the DynamicManagement configuration service provider.
-**NotificationsEnabled**
+**NotificationsEnabled**
Boolean value for sending notification to the user of a context change.
-Default value is False.
+Default value is False.
Supported operations are Get and Replace.
@@ -68,62 +68,62 @@ Example to turn on NotificationsEnabled:
text/plainbool
- true
+ true
```
-**ActiveList**
+**ActiveList**
A string containing the list of all active ContextIDs on the device. Delimiter is unicode character 0xF000.
-Supported operation is Get.
+Supported operation is Get.
-**Contexts**
+**Contexts**
Node for context information.
Supported operation is Get.
-***ContextID***
+***ContextID***
Node created by the server to define a context. Maximum number of characters allowed is 38.
Supported operations are Add, Get, and Delete.
-**SignalDefinition**
+**SignalDefinition**
Signal Definition XML.
Value type is string.
Supported operations are Add, Get, Delete, and Replace.
-**SettingsPack**
+**SettingsPack**
Settings that get applied when the Context is active.
Value type is string.
Supported operations are Add, Get, Delete, and Replace.
-**SettingsPackResponse**
+**SettingsPackResponse**
Response from applying a Settings Pack that contains information on each individual action.
Value type is string.
Supported operation is Get.
-**ContextStatus**
+**ContextStatus**
Reports status of the context. If there was a failure, SettingsPackResponse should be checked for what exactly is failed.
-Value type is integer.
+Value type is integer.
Supported operation is Get.
-**Altitude**
+**Altitude**
A value that determines how to handle conflict resolution of applying multiple contexts on the device. This is required and must be distinct of other priorities.
-Value type is integer.
+Value type is integer.
Supported operations are Add, Get, Delete, and Replace.
-**AlertsEnabled**
+**AlertsEnabled**
A Boolean value for sending an alert to the server when a context fails.
Supported operations are Get and Replace.
@@ -158,12 +158,12 @@ Disable Cortana based on Geo location and time, from 9am-5pm, when in the 100-me
-
+
-
+
-
+
@@ -211,14 +211,14 @@ Disable camera using network trigger with time trigger, from 9-5, when ip4 gatew
chr
-
+
-
- 192.168.0.1
-
+
+ 192.168.0.1
+
-
+
@@ -274,4 +274,4 @@ Get ContextStatus and SignalDefinition from a specific context:
## Related articles
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](index.yml)
\ No newline at end of file
diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md
index 0e2a6dd191..48ea1b01a8 100644
--- a/windows/client-management/mdm/dynamicmanagement-ddf.md
+++ b/windows/client-management/mdm/dynamicmanagement-ddf.md
@@ -1,7 +1,7 @@
---
title: DynamicManagement DDF file
description: Learn about the OMA DM device description framework (DDF) for the DynamicManagement configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -13,9 +13,9 @@ ms.date: 12/05/2017
# DynamicManagement DDF file
-This topic shows the OMA DM device description framework (DDF) for the **DynamicManagement** configuration service provider.
+This topic shows the OMA DM device description framework (DDF) for the **DynamicManagement** configuration service provider.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md
index 1298e152d0..6e067a0976 100644
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@@ -1,7 +1,7 @@
---
title: EAP configuration
description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows 10.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -140,7 +140,7 @@ The following list describes the prerequisites for a certificate to be used with
- Client Authentication: As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2.
- Any Purpose: This property is an EKU-defined one and is published by Microsoft. It is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering.
- All Purpose: As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes.
-
+
- The user or the computer certificate on the client must chain to a trusted root CA.
- The user or the computer certificate doesn't fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy.
- The user or the computer certificate doesn't fail any one of the certificate object identifier checks that are specified in the Internet Authentication Service (IAS)/Radius Server.
@@ -162,15 +162,15 @@ The following XML sample explains the properties for the EAP TLS XML, including
00
-
+
-
+
13
-
+
true
@@ -193,7 +193,7 @@ The following XML sample explains the properties for the EAP TLS XML, including
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
-
+
@@ -201,15 +201,15 @@ The following XML sample explains the properties for the EAP TLS XML, including
- ContostoITEKU
+ ContostoITEKU
- 1.3.6.1.4.1.311.42.1.15
+ 1.3.6.1.4.1.311.42.1.15
- ContostoITEKU
+ ContostoITEKU
@@ -231,16 +231,16 @@ The following XML sample explains the properties for the EAP TLS XML, including
true
-
+
-
+
-
@@ -286,4 +286,4 @@ Alternatively, you can use the following procedure to create an EAP configuratio
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md
index a88665101f..0fc082236b 100644
--- a/windows/client-management/mdm/email2-csp.md
+++ b/windows/client-management/mdm/email2-csp.md
@@ -1,7 +1,7 @@
---
title: EMAIL2 CSP
description: Learn how the EMAIL2 configuration service provider (CSP) is used to configure Simple Mail Transfer Protocol (SMTP) email accounts.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -78,12 +78,12 @@ Configuration data isn't encrypted when sent over the air (OTA). This is a poten
> [!IMPORTANT]
> All Add and Replace commands need to be wrapped in an Atomic section.
-**EMAIL2**
+**EMAIL2**
The configuration service provider root node.
Supported operation is Get.
-***GUID***
+***GUID***
Defines a specific email account. A globally unique identifier (GUID) must be generated for each email account on the device. Provisioning with an account that has the same GUID as an existing one doesn't create the new account and Add command will fail in this case.
Supported operations are Get, Add, and Delete.
@@ -93,14 +93,14 @@ The braces {} around the GUID are required in the EMAIL2 configuration service p
- For OMA Client Provisioning, the braces can be sent literally. For example, ``
- For OMA DM, the braces must be sent using ASCII values of 0x7B and 0x7D respectively. For example, `./Vendor/MSFT/EMAIL2/0x7BC556E16F-56C4-4edb-9C64-D9469EE1FBE0x7D`
-**ACCOUNTICON**
+**ACCOUNTICON**
Optional. Returns the location of the icon associated with the account.
Supported operations are Get, Add, Replace, and Delete.
The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings, email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added.
-**ACCOUNTTYPE**
+**ACCOUNTTYPE**
Required. Specifies the type of account.
Supported operations are Get, Add, Replace, and Delete.
@@ -110,12 +110,12 @@ Valid values are:
- Email: Normal email
- VVM: Visual voice mail
-**AUTHNAME**
+**AUTHNAME**
Required. Character string that specifies the name used to authorize the user to a specific email account (also known as the user's logon name).
Supported operations are Get, Add, Replace, and Delete.
-**AUTHREQUIRED**
+**AUTHREQUIRED**
Optional. Character string that specifies whether the outgoing server requires authentication.
Supported operations are Get, Add, Replace, and Delete.
@@ -128,17 +128,17 @@ Value options are:
> [!NOTE]
> If this value isn't specified, then no SMTP authentication is done. Also, this is different from SMTPALTENABLED.
-**AUTHSECRET**
+**AUTHSECRET**
Optional. Character string that specifies the user's password. The same password is used for SMTP authentication.
Supported operations are Get, Add, Replace, and Delete.
-**DOMAIN**
+**DOMAIN**
Optional. Character string that specifies the incoming server credentials domain. Limited to 255 characters.
Supported operations are Get, Add, Replace, and Delete.
-**DWNDAY**
+**DWNDAY**
Optional. Character string that specifies how many days' worth of email should be downloaded from the server.
Supported operations are Get, Add, Replace, and Delete.
@@ -150,14 +150,14 @@ Value options:
- 14: Specifies that 14 days’ worth of email should be downloaded.
- 30: Specifies that 30 days’ worth of email should be downloaded.
-**INSERVER**
+**INSERVER**
Required. Character string that specifies the name of the incoming server name and port number. This string is limited to 62 characters. If the standard port number is used, then you don't have to specify the port number. The value format is:
- server name:port number
Supported operations are Get, Add, and Replace.
-**LINGER**
+**LINGER**
Optional. Character string that specifies the length of time between email send/receive updates in minutes.
Supported operations are Get, Add, Replace, and Delete.
@@ -170,7 +170,7 @@ Value options:
- 60 - Wait for 60 minutes between updates
- 120 - Wait for 120 minutes between updates.
-**KEEPMAX**
+**KEEPMAX**
Optional. Specifies the maximum size for a message attachment. Attachments beyond this size will not be downloaded but it will remain on the server. The message itself will be downloaded. This value can be set only for IMAP4 accounts.
The limit is specified in KB.
@@ -181,24 +181,24 @@ A value of 0 meaning that no limit will be enforced.
Supported operations are Get, Add, Replace, and Delete.
-**NAME**
+**NAME**
Optional. Character string that specifies the name of the sender displayed on a sent email. It should be set to the user’s name. Limited to 255 characters.
Supported operations are Get, Add, Replace, and Delete.
-**OUTSERVER**
+**OUTSERVER**
Required. Character string that specifies the name of the messaging service's outgoing email server. Limited to 62 characters. The value format is:
- server name:port number
Supported operations are Get, Add, Delete, and Replace.
-**REPLYADDR**
+**REPLYADDR**
Required. Character string that specifies the reply email address of the user (usually the same as the user email address). Sending email will fail without it. Limited to 255 characters.
Supported operations are Get, Add, Delete, and Replace.
-**SERVICENAME**
+**SERVICENAME**
Required. Character string that specifies the name of the email service to create or edit (32 characters maximum).
Supported operations are Get, Add, Replace, and Delete.
@@ -206,21 +206,21 @@ Supported operations are Get, Add, Replace, and Delete.
> [!NOTE]
> The EMAIL2 Configuration Service Provider doesn't support the OMA DM **Replace** command on the parameters **SERVICENAME** and **SERVICETYPE**. To replace either the email account name or the account service type, the existing email account must be deleted and then a new one must be created.
-**SERVICETYPE**
+**SERVICETYPE**
Required. Character string that specifies the type of email service to create or edit (for example, "IMAP4" or "POP3").
Supported operations are Get, Add, Replace, and Delete.
> **Note** The EMAIL2 Configuration Service Provider doesn't support the OMA DM **Replace** command on the parameters **SERVICENAME** and **SERVICETYPE**. To replace either the email account name or the account service type, the existing email account must be deleted and then a new one must be created.
-**RETRIEVE**
+**RETRIEVE**
Optional. Specifies the maximum size in bytes for messages retrieved from the incoming email server. Messages beyond this size are retrieved, but truncated.
Value options are 512, 1024, 2048, 5120, 20480, and 51200.
Supported operations are Get, Add, Replace, and Delete.
-**SERVERDELETEACTION**
+**SERVERDELETEACTION**
Optional. Character string that specifies how message is deleted on server. Value options are:
- 1 - Delete message on the server.
@@ -230,12 +230,12 @@ Any other value results in default action, which depends on the transport.
Supported operations are Get, Add, Replace, and Delete.
-**CELLULARONLY**
+**CELLULARONLY**
Optional. If this flag is set, the account only uses the cellular network and not Wi-Fi.
Value type is string. Supported operations are Get, Add, Replace, and Delete.
-**SYNCINGCONTENTTYPES**
+**SYNCINGCONTENTTYPES**
Required. Specifies a bitmask for which content types are supported for syncing, like Mail, Contacts, and Calendar.
- No data (0x0)
@@ -254,64 +254,64 @@ Required. Specifies a bitmask for which content types are supported for syncing,
Supported operations are Get, Add, Replace, and Delete.
-**CONTACTSSERVER**
+**CONTACTSSERVER**
Optional. Server for contact sync if it's different from the email server.
Supported operations are Get, Add, Replace, and Delete.
-**CALENDARSERVER**
+**CALENDARSERVER**
Optional. Server for calendar sync if it's different from the email server.
Supported operations are Get, Add, Replace, and Delete.
-**CONTACTSSERVERREQUIRESSL**
+**CONTACTSSERVERREQUIRESSL**
Optional. Indicates if the connection to the contact server requires SSL.
Supported operations are Get, Add, Replace, and Delete.
-**CALENDARSERVERREQUIRESSL**
+**CALENDARSERVERREQUIRESSL**
Optional. Indicates if the connection to the calendar server requires SSL.
Supported operations are Get, Add, Replace, and Delete.
-**CONTACTSSYNCSCHEDULE**
+**CONTACTSSYNCSCHEDULE**
Optional. Sets the schedule for syncing contact items.
Supported operations are Get, Add, Replace, and Delete.
-**CALENDARSYNCSCHEDULE**
+**CALENDARSYNCSCHEDULE**
Optional. Sets the schedule for syncing calendar items.
Supported operations are Get, Add, Replace, and Delete.
-**SMTPALTAUTHNAME**
+**SMTPALTAUTHNAME**
Optional. Character string that specifies the display name associated with the user's alternative SMTP email account.
Supported operations are Get, Add, Replace, and Delete.
-**SMTPALTDOMAIN**
+**SMTPALTDOMAIN**
Optional. Character string that specifies the domain name for the user's alternative SMTP account.
Supported operations are Get, Add, Replace, and Delete.
-**SMTPALTENABLED**
+**SMTPALTENABLED**
Optional. Character string that specifies if the user's alternate SMTP account is enabled.
Supported operations are Get, Add, Replace, and Delete.
A value of "FALSE" means the user's alternate SMTP email account is disabled. A value of "TRUE" means that the user's alternate SMTP email account is enabled.
-**SMTPALTPASSWORD**
+**SMTPALTPASSWORD**
Optional. Character string that specifies the password for the user's alternate SMTP account.
Supported operations are Get, Add, Replace, and Delete.
-**TAGPROPS**
+**TAGPROPS**
Optional. Defines a group of properties with non-standard element names.
Supported operations are Get, Add, Replace, and Delete.
-**TAGPROPS/8128000B**
+**TAGPROPS/8128000B**
Optional. Character string that specifies if the incoming email server requires SSL.
Supported operations are Get, Add, Replace, and Delete.
@@ -321,7 +321,7 @@ Value options are:
- 0 - SSL isn't required.
- 1 - SSL is required.
-**TAGPROPS/812C000B**
+**TAGPROPS/812C000B**
Optional. Character string that specifies if the outgoing email server requires SSL.
Supported operations are Get and Replace.
@@ -352,4 +352,4 @@ If the connection to the mail server is initiated with deferred SSL, the mail se
## Related articles
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index ec7d604849..1543101a54 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -1,7 +1,7 @@
---
title: EMAIL2 DDF file
description: Learn how the OMA DM device description framework (DDF) for the EMAIL2 configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **EMAIL2** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
@@ -814,7 +814,7 @@ The XML below is the current version for this CSP.
- Specify whether incoming server requires SSL connection.
+ Specify whether incoming server requires SSL connection.
1- Require SSL connection
0- Doesn't require SSL connection (default)
@@ -840,7 +840,7 @@ The XML below is the current version for this CSP.
- Specify whether outgoing server requires SSL connection.
+ Specify whether outgoing server requires SSL connection.
1- Require SSL connection
0- Doesn't require SSL connection (default)
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
index 40b17f8970..c607ed7015 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
@@ -14,7 +14,7 @@ ms.date: 05/17/2019
This topic shows the OMA DM device description framework (DDF) for the **EnrollmentStatusTracking** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
### EnrollmentStatusTracking CSP
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md
index 3ad33fa688..59220928f8 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md
@@ -70,35 +70,35 @@ EnrollmentStatusTracking
--------HasProvisioningCompleted
```
-**./Vendor/MSFT**
+**./Vendor/MSFT**
For device context, use **./Device/Vendor/MSFT** path and for user context, use **./User/Vendor/MSFT** path.
-**EnrollmentStatusTracking**
-Required. Root node for the CSP. This node is supported in both user context and device context.
+**EnrollmentStatusTracking**
+Required. Root node for the CSP. This node is supported in both user context and device context.
Provides the settings to communicate what policies the ESP must block on. Using these settings, policy providers register themselves and the set of policies that must be tracked. The ESP includes the counts of these policy settings in the status message that is displayed to the user. It also blocks ESP until all the policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which are then reflected in the ESP status message.
Scope is permanent. Supported operation is Get.
-**EnrollmentStatusTracking/DevicePreparation**
-Required. This node is supported only in device context.
+**EnrollmentStatusTracking/DevicePreparation**
+Required. This node is supported only in device context.
Specifies the settings that ESP reads during the device preparation phase. These settings are used to orchestrate any setup activities prior to provisioning the device in the device setup phase of the ESP.
Scope is permanent. Supported operation is Get.
-**EnrollmentStatusTracking/DevicePreparation/PolicyProviders**
-Required. This node is supported only in device context.
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders**
+Required. This node is supported only in device context.
Indicates to the ESP that it should wait in the device preparation phase until all the policy providers have their InstallationState node set as 2 (NotRequired) or 3 (Completed).
Scope is permanent. Supported operation is Get.
-**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/_ProviderName_**
-Optional. This node is supported only in device context.
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/_ProviderName_**
+Optional. This node is supported only in device context.
Represents a policy provider for the ESP. The node should be given a unique name for the policy provider. Registration of a policy provider indicates to ESP that it should block in the device preparation phase until the provider sets its InstallationState node to 2 (NotRequired) or 3 (Completed). Once all the registered policy providers are marked as Completed or NotRequired, the ESP progresses to the device setup phase.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
-**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/InstallationState**
-Required. This node is supported only in device context.
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/InstallationState**
+Required. This node is supported only in device context.
Communicates the policy provider installation state back to ESP.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
@@ -110,30 +110,30 @@ Value type is integer. Expected values are as follows:
- 3—Completed
- 4—Error
-**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/LastError**
-Required. This node is supported only in device context.
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/LastError**
+Required. This node is supported only in device context.
Represents the last error code during the application installation process. If a policy provider fails to install, it can optionally set an HRESULT error code that the ESP can display in an error message to the user. ESP reads this node only when the provider's InstallationState node is set to 4 (Error). This node must be set only by the policy provider, and not by the MDM server.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
Value type is integer.
-**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/Timeout**
-Optional. This node is supported only in device context.
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/Timeout**
+Optional. This node is supported only in device context.
Represents the amount of time, in minutes, that the provider installation process can run before the ESP shows an error. Provider installation is complete when the InstallationState node is set to 2 (NotRequired) or 3 (Completed). If no timeout value is specified, ESP selects the default timeout value of 15 minutes.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
Value type is integer. The default is 15 minutes.
-**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes**
-Required. This node is supported only in device context.
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes**
+Required. This node is supported only in device context.
This node's children register which resource types the policy provider supports for provisioning. Only registered providers for a particular resource type will have their policies incorporated with ESP tracking message.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
-**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes/Apps**
-Required. This node is supported only in device context.
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes/Apps**
+Required. This node is supported only in device context.
This node specifies if the policy provider is registered for app provisioning.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
@@ -143,32 +143,32 @@ Value type is boolean. Expected values are as follows:
- false—Indicates that the policy provider isn't registered for app provisioning. This is the default.
- true—Indicates that the policy provider is registered for app provisioning.
-**EnrollmentStatusTracking/Setup**
-Required. This node is supported in both user context and device context.
+**EnrollmentStatusTracking/Setup**
+Required. This node is supported in both user context and device context.
Provides the settings that ESP reads during the account setup phase in the user context and device setup phase in the device context. Policy providers use this node to communicate progress status back to the ESP, which is then displayed to the user through progress messages.
Scope is permanent. Supported operation is Get.
-**EnrollmentStatusTracking/Setup/Apps**
-Required. This node is supported in both user context and device context.
+**EnrollmentStatusTracking/Setup/Apps**
+Required. This node is supported in both user context and device context.
Provides the settings to communicate to the ESP which app installations it should block on and provide progress in the status message to the user.
Scope is permanent. Supported operation is Get.
-**EnrollmentStatusTracking/Setup/Apps/PolicyProviders**
-Required. This node is supported in both user context and device context.
+**EnrollmentStatusTracking/Setup/Apps/PolicyProviders**
+Required. This node is supported in both user context and device context.
Specifies the app policy providers for this CSP. These are the policy providers the ESP should wait on before showing the tracking message with the status to the user.
Scope is permanent. Supported operation is Get.
-**EnrollmentStatusTracking/Setup/Apps/PolicyProviders**/***ProviderName***
-Optional. This node is supported in both user context and device context.
+**EnrollmentStatusTracking/Setup/Apps/PolicyProviders**/***ProviderName***
+Optional. This node is supported in both user context and device context.
Represents an app policy provider for the ESP. Existence of this node indicates to the ESP that it shouldn't show the tracking status message until the TrackingPoliciesCreated node has been set to true.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
-**EnrollmentStatusTracking/Setup/Apps/PolicyProviders/*ProviderName*/TrackingPoliciesCreated**
-Required. This node is supported in both user context and device context.
+**EnrollmentStatusTracking/Setup/Apps/PolicyProviders/*ProviderName*/TrackingPoliciesCreated**
+Required. This node is supported in both user context and device context.
Indicates if the provider has created the required policies for the ESP to use for tracking app installation progress. The policy provider itself is expected to set the value of this node, not the MDM server.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
@@ -178,26 +178,26 @@ Value type is boolean. The expected values are as follows:
- true—Indicates that the provider has created the required policies.
- false—Indicates that the provider hasn't created the required policies. This is the default.
-**EnrollmentStatusTracking/Setup/Apps/Tracking**
-Required. This node is supported in both user context and device context.
+**EnrollmentStatusTracking/Setup/Apps/Tracking**
+Required. This node is supported in both user context and device context.
Root node for the app installations being tracked by the ESP.
Scope is permanent. Supported operation is Get.
-**EnrollmentStatusTracking/Setup/Apps/Tracking/_ProviderName_**
-Optional. This node is supported in both user context and device context.
+**EnrollmentStatusTracking/Setup/Apps/Tracking/_ProviderName_**
+Optional. This node is supported in both user context and device context.
Indicates the provider name responsible for installing the apps and providing status back to ESP.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
-**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/_AppName_**
-Optional. This node is supported in both user context and device context.
+**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/_AppName_**
+Optional. This node is supported in both user context and device context.
Represents a unique name for the app whose progress should be tracked by the ESP. The policy provider can define any arbitrary app name as ESP doesn't use the app name directly.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
-**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/InstallationState**
-Optional. This node is supported in both user context and device context.
+**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/InstallationState**
+Optional. This node is supported in both user context and device context.
Represents the installation state for the app. The policy providers (not the MDM server) must update this node for the ESP to track the installation progress and update the status message.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
@@ -209,8 +209,8 @@ Value type is integer. Expected values are as follows:
- 3—Completed
- 4—Error
-**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/RebootRequired**
-Optional. This node is supported in both user context and device context.
+**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/RebootRequired**
+Optional. This node is supported in both user context and device context.
Indicates if the app installation requires ESP to issue a reboot. The policy providers installing the app (not the MDM server) must set this node. If the policy providers don't set this node, the ESP won't reboot the device for the app installation.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
@@ -221,8 +221,8 @@ Value type is integer. Expected values are as follows:
- 2—SoftReboot
- 3—HardReboot
-**EnrollmentStatusTracking/Setup/HasProvisioningCompleted**
-Required. This node is supported in both user context and device context.
+**EnrollmentStatusTracking/Setup/HasProvisioningCompleted**
+Required. This node is supported in both user context and device context.
ESP sets this node when it completes. Providers can query this node to determine if the ESP is showing, which allows them to determine if they still need to provide status updates for the ESP through this CSP.
Scope is permanent. Supported operation is Get.
@@ -234,4 +234,4 @@ Value type is boolean. Expected values are as follows:
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](index.yml)
\ No newline at end of file
diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md
index 7988975af6..ef1f136780 100644
--- a/windows/client-management/mdm/enterpriseapn-csp.md
+++ b/windows/client-management/mdm/enterpriseapn-csp.md
@@ -1,7 +1,7 @@
---
title: EnterpriseAPN CSP
description: The EnterpriseAPN configuration service provider is used by the enterprise to provision an APN for the Internet.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -45,20 +45,20 @@ EnterpriseAPN
--------AllowUserControl
--------HideView
```
-**EnterpriseAPN**
+**EnterpriseAPN**
The root node for the EnterpriseAPN configuration service provider.
-**EnterpriseAPN/***ConnectionName*
+**EnterpriseAPN/***ConnectionName*
Name of the connection as seen by Windows Connection Manager.
Supported operations are Add, Get, Delete, and Replace.
-**EnterpriseAPN/*ConnectionName*/APNName**
+**EnterpriseAPN/*ConnectionName*/APNName**
Enterprise APN name.
Supported operations are Add, Get, Delete, and Replace.
-**EnterpriseAPN/*ConnectionName*/IPType**
+**EnterpriseAPN/*ConnectionName*/IPType**
This value can be one of the following:
- IPv4 - only IPV4 connection type.
@@ -68,19 +68,19 @@ This value can be one of the following:
Supported operations are Add, Get, Delete, and Replace.
-**EnterpriseAPN/*ConnectionName*/IsAttachAPN**
-Boolean value that indicates whether this APN should be requested as part of an LTE Attach.
+**EnterpriseAPN/*ConnectionName*/IsAttachAPN**
+Boolean value that indicates whether this APN should be requested as part of an LTE Attach.
Default value is false.
Supported operations are Add, Get, Delete, and Replace.
-**EnterpriseAPN/*ConnectionName*/ClassId**
+**EnterpriseAPN/*ConnectionName*/ClassId**
GUID that defines the APN class to the modem. This is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting isn't present. It's only required when IsAttachAPN is true and the attach APN isn't only used as the Internet APN.
Supported operations are Add, Get, Delete, and Replace.
-**EnterpriseAPN/*ConnectionName*/AuthType**
+**EnterpriseAPN/*ConnectionName*/AuthType**
Authentication type. This value can be one of the following:
- None (default)
@@ -91,36 +91,36 @@ Authentication type. This value can be one of the following:
Supported operations are Add, Get, Delete, and Replace.
-**EnterpriseAPN/*ConnectionName*/UserName**
+**EnterpriseAPN/*ConnectionName*/UserName**
User name for use with PAP, CHAP, or MSCHAPv2 authentication.
Supported operations are Add, Get, Delete, and Replace.
-**EnterpriseAPN/*ConnectionName*/Password**
+**EnterpriseAPN/*ConnectionName*/Password**
Password corresponding to the username.
Supported operations are Add, Get, Delete, and Replace.
-**EnterpriseAPN/*ConnectionName*/IccId**
+**EnterpriseAPN/*ConnectionName*/IccId**
Integrated Circuit Card ID (ICCID) associated with the cellular connection profile. If this node isn't present, the connection is created on a single-slot device using the ICCID of the UICC and on a dual-slot device using the ICCID of the UICC that is active for data.
Supported operations are Add, Get, Delete, and Replace.
-**EnterpriseAPN/*ConnectionName*/AlwaysOn**
+**EnterpriseAPN/*ConnectionName*/AlwaysOn**
Added in Windows 10, version 1607. Boolean value that specifies whether the CM will automatically attempt to connect to the APN when a connection is available.
The default value is true.
Supported operations are Add, Get, Delete, and Replace.
-**EnterpriseAPN/*ConnectionName*/Enabled**
+**EnterpriseAPN/*ConnectionName*/Enabled**
Added in Windows 10, version 1607. Boolean that specifies whether the connection is enabled.
The default value is true.
Supported operations are Add, Get, Delete, and Replace.
-**EnterpriseAPN/*ConnectionName*/Roaming**
+**EnterpriseAPN/*ConnectionName*/Roaming**
Added in Windows 10, version 1703. Specifies whether the connection should be activated when the device is roaming. Valid values are:
- 0 - Disallowed
@@ -132,21 +132,21 @@ Added in Windows 10, version 1703. Specifies whether the connection should be a
Default is 1 (all roaming allowed).
-Value type is string.
+Value type is string.
Supported operations are Add, Get, Delete, and Replace.
-**EnterpriseAPN/Settings**
+**EnterpriseAPN/Settings**
Added in Windows 10, version 1607. Node that contains global settings.
-**EnterpriseAPN/Settings/AllowUserControl**
+**EnterpriseAPN/Settings/AllowUserControl**
Added in Windows 10, version 1607. Boolean value that specifies whether the cellular UX will allow users to connect with other APNs other than the Enterprise APN.
The default value is false.
Supported operations are Get and Replace.
-**EnterpriseAPN/Settings/HideView**
+**EnterpriseAPN/Settings/HideView**
Added in Windows 10, version 1607. Boolean that specifies whether the cellular UX will allow the user to view enterprise APNs. Only applicable if AllowUserControl is true.
The default value is false.
@@ -298,4 +298,4 @@ atomicZ
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md
index e83aef75e3..e14b2947da 100644
--- a/windows/client-management/mdm/enterpriseapn-ddf.md
+++ b/windows/client-management/mdm/enterpriseapn-ddf.md
@@ -1,7 +1,7 @@
---
title: EnterpriseAPN DDF
description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAPN configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **EnterpriseAPN** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The content below are the different versions of the DDF for this CSP.
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
index 23d45c61be..46de6095eb 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
@@ -7,7 +7,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 06/26/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -55,98 +55,98 @@ EnterpriseAppVManagement
--------ConfigurationId
------------Policy
```
-**./Vendor/MSFT/EnterpriseAppVManagement**
+**./Vendor/MSFT/EnterpriseAppVManagement**
Root node for the EnterpriseAppVManagement configuration service provider.
-**AppVPackageManagement**
-Used to query App-V package information (post-publish).
+**AppVPackageManagement**
+Used to query App-V package information (post-publish).
-**AppVPackageManagement/EnterpriseID**
+**AppVPackageManagement/EnterpriseID**
Used to query package information. Value is always "HostedInstall".
-**AppVPackageManagement/EnterpriseID/PackageFamilyName**
+**AppVPackageManagement/EnterpriseID/PackageFamilyName**
Package ID of the published App-V package.
-**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName***
+**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName***
Version ID of the published App-V package.
-**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Name**
+**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Name**
Name specified in the published AppV package.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Version**
+**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Version**
Version specified in the published AppV package.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Publisher**
+**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Publisher**
Publisher as specified in the published asset information of the AppV package.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallLocation**
+**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallLocation**
Local package path specified in the published asset information of the AppV package.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallDate**
+**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/InstallDate**
Date the app was installed, as specified in the published asset information of the AppV package.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Users**
+**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/Users**
Registered users for app, as specified in the published asset information of the AppV package.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageId**
+**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageId**
Package ID of the published App-V package.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVVersionId**
+**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVVersionId**
Version ID of the published App-V package.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageUri**
+**AppVPackageManagement/*EnterpriseID*/*PackageFamilyName*/*PackageFullName*/AppVPackageUri**
Package URI of the published App-V package.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**AppVPublishing**
+**AppVPublishing**
Used to monitor publishing operations on App-V.
-**AppVPublishing/LastSync**
+**AppVPublishing/LastSync**
Used to monitor publishing status of last sync operation.
-**AppVPublishing/LastSync/LastError**
+**AppVPublishing/LastSync/LastError**
Error code and error description of last sync operation.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**AppVPublishing/LastSync/LastErrorDescription**
+**AppVPublishing/LastSync/LastErrorDescription**
Last sync error status. One of the following values may be returned:
- SYNC\_ERR_NONE (0) - No errors during publish.
@@ -161,7 +161,7 @@ Value type is string.
Supported operation is Get.
-**AppVPublishing/LastSync/SyncStatusDescription**
+**AppVPublishing/LastSync/SyncStatusDescription**
Latest sync in-progress stage. One of the following values may be returned:
- SYNC\_PROGRESS_IDLE (0) - App-V publishing is idle.
@@ -170,7 +170,7 @@ Latest sync in-progress stage. One of the following values may be returned:
- SYNC\_PROGRESS\_PUBLISH\_GROUP_PACKAGES (3) - App-V packages (connection group) publish in progress.
- SYN\C_PROGRESS_UNPUBLISH_PACKAGES (4) - App-V packages unpublish in progress.
-Value type is string.
+Value type is string.
Supported operation is Get.
@@ -183,30 +183,30 @@ Latest sync state. One of the following values may be returned:
- SYNC\_STATUS\_PUBLISH\_COMPLETED (3) - App-V Sync is complete.
- SYNC\_STATUS\_PUBLISH\_REBOOT_REQUIRED (4) - App-V Sync requires device reboot.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**AppVPublishing/Sync**
+**AppVPublishing/Sync**
Used to perform App-V synchronization.
-**AppVPublishing/Sync/PublishXML**
+**AppVPublishing/Sync/PublishXML**
Used to execute the App-V synchronization using the Publishing protocol. For more information about the protocol,, see [[MS-VAPR]: Virtual Application Publishing and Reporting (App-V) Protocol](/openspecs/windows_protocols/ms-vapr/a05e030d-4fb9-4c8d-984b-971253b62be8).
Supported operations are Get, Delete, and Execute.
-**AppVDynamicPolicy**
+**AppVDynamicPolicy**
Used to set App-V Policy Configuration documents for publishing packages.
-**AppVDynamicPolicy/*ConfigurationId***
+**AppVDynamicPolicy/*ConfigurationId***
ID for App-V Policy Configuration document for publishing packages (referenced in the Publishing protocol document).
-**AppVDynamicPolicy/*ConfigurationId*/Policy**
+**AppVDynamicPolicy/*ConfigurationId*/Policy**
XML for App-V Policy Configuration documents for publishing packages.
-Value type is xml.
+Value type is xml.
Supported operations are Add, Get, Delete, and Replace.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](index.yml)
\ No newline at end of file
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
index 0572ef9f96..51705bf533 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
@@ -7,15 +7,15 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/05/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# EnterpriseAppVManagement DDF file
-This topic shows the OMA DM device description framework (DDF) for the **EnterpriseAppVManagement** configuration service provider.
+This topic shows the OMA DM device description framework (DDF) for the **EnterpriseAppVManagement** configuration service provider.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md
index bf660969d6..17adea149a 100644
--- a/windows/client-management/mdm/enterprisedataprotection-csp.md
+++ b/windows/client-management/mdm/enterprisedataprotection-csp.md
@@ -2,7 +2,7 @@
title: EnterpriseDataProtection CSP
description: Learn how the EnterpriseDataProtection configuration service provider (CSP) configures Windows Information Protection (formerly, Enterprise Data Protection) settings.
ms.assetid: E2D4467F-A154-4C00-9208-7798EF3E25B3
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -59,14 +59,14 @@ EnterpriseDataProtection
----Status
```
-**./Device/Vendor/MSFT/EnterpriseDataProtection**
+**./Device/Vendor/MSFT/EnterpriseDataProtection**
The root node for the CSP.
-**Settings**
+**Settings**
The root node for the Windows Information Protection (WIP) configuration settings.
-**Settings/EDPEnforcementLevel**
-Set the WIP enforcement level.
+**Settings/EDPEnforcementLevel**
+Set the WIP enforcement level.
> [!NOTE]
> Setting this value isn't sufficient to enable Windows Information Protection on the device. Attempts to change this value will fail when the WIP cleanup is running.
@@ -80,7 +80,7 @@ The following list shows the supported values:
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
-**Settings/EnterpriseProtectedDomainNames**
+**Settings/EnterpriseProtectedDomainNames**
A list of domains used by the enterprise for its user identities separated by pipes ("|"). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for Windows Information Protection. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running.
Changing the primary enterprise ID isn't supported and may cause unexpected behavior on the client.
@@ -96,7 +96,7 @@ Here are the steps to create canonical domain names:
Supported operations are Add, Get, Replace, and Delete. Value type is string.
-**Settings/AllowUserDecryption**
+**Settings/AllowUserDecryption**
Allows the user to decrypt files. If this is set to 0 (Not Allowed), then the user won't be able to remove protection from enterprise content through the operating system or the application user experiences.
> [!IMPORTANT]
@@ -111,7 +111,7 @@ Most restricted value is 0.
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
-**Settings/DataRecoveryCertificate**
+**Settings/DataRecoveryCertificate**
Specifies a recovery certificate that can be used for data recovery of encrypted files. This certificate is the same as the data recovery agent (DRA) certificate for encrypting file system (EFS), only delivered through mobile device management (MDM) instead of Group Policy.
> [!Note]
@@ -124,116 +124,116 @@ The binary blob is the serialized version of following structure:
//
// Recovery Policy Data Structures
//
-
+
typedef struct _RECOVERY_POLICY_HEADER {
USHORT MajorRevision;
USHORT MinorRevision;
ULONG RecoveryKeyCount;
} RECOVERY_POLICY_HEADER, *PRECOVERY_POLICY_HEADER;
-
+
typedef struct _RECOVERY_POLICY_1_1 {
RECOVERY_POLICY_HEADER RecoveryPolicyHeader;
RECOVERY_KEY_1_1 RecoveryKeyList[1];
} RECOVERY_POLICY_1_1, *PRECOVERY_POLICY_1_1;
-
+
#define EFS_RECOVERY_POLICY_MAJOR_REVISION_1 (1)
#define EFS_RECOVERY_POLICY_MINOR_REVISION_0 (0)
-
+
#define EFS_RECOVERY_POLICY_MINOR_REVISION_1 (1)
-
+
///////////////////////////////////////////////////////////////////////////////
// /
// RECOVERY_KEY Data Structure /
// /
///////////////////////////////////////////////////////////////////////////////
-
+
//
// Current format of recovery data.
//
-
+
typedef struct _RECOVERY_KEY_1_1 {
ULONG TotalLength;
EFS_PUBLIC_KEY_INFO PublicKeyInfo;
} RECOVERY_KEY_1_1, *PRECOVERY_KEY_1_1;
-
-
+
+
typedef struct _EFS_PUBLIC_KEY_INFO {
-
+
//
// The length of this entire structure, including string data
// appended to the end. The length should be a multiple of 8 for
// 64 bit alignment
//
-
+
ULONG Length;
-
+
//
// Sid of owner of the public key (regardless of format).
// This field is to be treated as a hint only.
//
-
+
ULONG PossibleKeyOwner;
-
+
//
// Contains information describing how to interpret
// the public key information
//
-
+
ULONG KeySourceTag;
-
+
union {
-
+
struct {
-
+
//
// The following fields contain offsets based at the
// beginning of the structure. Each offset is to
// a NULL terminated WCHAR string.
//
-
+
ULONG ContainerName;
ULONG ProviderName;
-
+
//
// The exported public key used to encrypt the FEK.
// This field contains an offset from the beginning of the
// structure.
//
-
+
ULONG PublicKeyBlob;
-
+
//
// Length of the PublicKeyBlob in bytes
//
-
+
ULONG PublicKeyBlobLength;
-
+
} ContainerInfo;
-
+
struct {
-
+
ULONG CertificateLength; // in bytes
ULONG Certificate; // offset from start of structure
-
+
} CertificateInfo;
-
-
+
+
struct {
-
+
ULONG ThumbprintLength; // in bytes
ULONG CertHashData; // offset from start of structure
-
+
} CertificateThumbprint;
};
-
-
-
+
+
+
} EFS_PUBLIC_KEY_INFO, *PEFS_PUBLIC_KEY_INFO;
-
+
//
// Possible KeyTag values
//
-
+
typedef enum _PUBLIC_KEY_SOURCE_TAG {
EfsCryptoAPIContainer = 1,
EfsCertificate,
@@ -245,7 +245,7 @@ For EFSCertificate KeyTag, it's expected to be a DER ENCODED binary certificate.
Supported operations are Add, Get, Replace, and Delete. Value type is base-64 encoded certificate.
-**Settings/RevokeOnUnenroll**
+**Settings/RevokeOnUnenroll**
This policy controls whether to revoke the Windows Information Protection keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1.
The following list shows the supported values:
@@ -255,7 +255,7 @@ The following list shows the supported values:
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
-**Settings/RevokeOnMDMHandoff**
+**Settings/RevokeOnMDMHandoff**
Added in Windows 10, version 1703. This policy controls whether to revoke the Windows Information Protection keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
- 0 - Don't revoke keys.
@@ -263,12 +263,12 @@ Added in Windows 10, version 1703. This policy controls whether to revoke the Wi
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
-**Settings/RMSTemplateIDForEDP**
+**Settings/RMSTemplateIDForEDP**
TemplateID GUID to use for Rights Management Service (RMS) encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access.
Supported operations are Add, Get, Replace, and Delete. Value type is string (GUID).
-**Settings/AllowAzureRMSForEDP**
+**Settings/AllowAzureRMSForEDP**
Specifies whether to allow Azure RMS encryption for Windows Information Protection.
- 0 (default) – Don't use RMS.
@@ -276,12 +276,12 @@ Specifies whether to allow Azure RMS encryption for Windows Information Protecti
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
-**Settings/SMBAutoEncryptedFileExtensions**
+**Settings/SMBAutoEncryptedFileExtensions**
Added in Windows 10, version 1703. Specifies a list of file extensions, so that files with these extensions are encrypted when copying from a Server Message Block (SMB) share within the corporate boundary as defined in the Policy CSP nodes for [NetworkIsolation/EnterpriseIPRange](policy-configuration-service-provider.md#networkisolation-enterpriseiprange) and [NetworkIsolation/EnterpriseNetworkDomainNames](policy-configuration-service-provider.md#networkisolation-enterprisenetworkdomainnames). Use semicolon (;) delimiter in the list.
When this policy isn't specified, the existing auto-encryption behavior is applied. When this policy is configured, only files with the extensions in the list will be encrypted.
Supported operations are Add, Get, Replace and Delete. Value type is string.
-**Settings/EDPShowIcons**
+**Settings/EDPShowIcons**
Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the Windows Information Protection icon in the title bar of a WIP-protected app.
The following list shows the supported values:
@@ -290,7 +290,7 @@ The following list shows the supported values:
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
-**Status**
+**Status**
A read-only bit mask that indicates the current state of Windows Information Protection on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured.
Suggested values:
@@ -319,6 +319,6 @@ Supported operation is Get. Value type is integer.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
index f8be987381..da67ebd4ea 100644
--- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
@@ -1,7 +1,7 @@
---
title: EnterpriseDataProtection DDF file
description: The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -18,7 +18,7 @@ The following topic shows the OMA DM device description framework (DDF) for the
> [!IMPORTANT]
> Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
index d06146f5a0..ebd53f9de1 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
@@ -2,7 +2,7 @@
title: EnterpriseDesktopAppManagement CSP
description: Learn how the EnterpriseDesktopAppManagement CSP handles enterprise desktop application management tasks, such as installing or removing applications.
ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -76,7 +76,7 @@ Installation date of the application. Value type is string. Supported operation
**MSI/*ProductID*/DownloadInstall**
Executes the download and installation of the application. Value type is string. Supported operations are Execute and Get.
-In Windows 10, version 1703 service release, a new tag \ was added to the \ section of the XML. The default value is 0 (don't send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken. `` 0 will set the timeout to infinite.
+In Windows 10, version 1703 service release, a new tag \ was added to the \ section of the XML. The default value is 0 (don't send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken. `` 0 will set the timeout to infinite.
Here's an example:
@@ -178,7 +178,7 @@ The following table describes the fields in the previous sample:
| CmdID | Input value used to reference the request. Responses will include this value that can be used to match request and response. |
| LocURI | Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting. |
-
+
**SyncML to perform MSI operations for application status reporting**
@@ -418,4 +418,4 @@ Here's a list of references:
```
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](index.yml)
\ No newline at end of file
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
index dcf0663717..23261b8b07 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
@@ -1,7 +1,7 @@
---
title: EnterpriseDesktopAppManagement DDF
description: This topic shows the OMA DM device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
index 4117208a89..e03181b4e0 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
@@ -1,7 +1,7 @@
---
title: EnterpriseDesktopAppManagement XSD
description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 6aed81068c..dfe544370c 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -1,7 +1,7 @@
---
title: EnterpriseModernAppManagement CSP
description: Learn how the EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -24,7 +24,7 @@ The table below shows the applicability of Windows:
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md).
+The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](../enterprise-app-management.md).
> [!Note]
> Windows Holographic only supports per-user configuration of the EnterpriseModernAppManagement CSP.
@@ -76,26 +76,26 @@ EnterpriseModernAppManagement
----------------GetLicenseFromStore
```
-**Device or User context**
+**Device or User context**
For user context, use **./User/Vendor/MSFT** path and for device context, use **./Device/Vendor/MSFT** path.
> [!Note]
> Windows Holographic only supports per-user configuration of the EnterpriseModernAppManagement CSP.
-**AppManagement**
+**AppManagement**
Required. Used for inventory and app management (post-install).
-**AppManagement/UpdateScan**
+**AppManagement/UpdateScan**
Required. Used to start the Windows Update scan.
Supported operation is Execute.
-**AppManagement/LastScanError**
+**AppManagement/LastScanError**
Required. Reports the last error code returned by the update scan.
Supported operation is Get.
-**AppManagement/AppInventoryResults**
+**AppManagement/AppInventoryResults**
Added in Windows 10, version 1511. Required. Returns the results for app inventory that was created after the AppInventoryQuery operation.
Supported operation is Get.
@@ -113,7 +113,7 @@ Here's an example of AppInventoryResults operation.
```
-**AppManagement/AppInventoryQuery**
+**AppManagement/AppInventoryQuery**
Added in Windows 10, version 1511. Required. Specifies the query for app inventory.
Query parameters:
@@ -162,7 +162,7 @@ The following example sets the inventory query for the package names and checks
```
-**AppManagement/RemovePackage**
+**AppManagement/RemovePackage**
Added in Windows 10, version 1703. Used to remove packages. Not supported for ./User/Vendor/MSFT.
Parameters:
@@ -170,7 +170,7 @@ Parameters:
Package
Name: Specifies the PackageFullName of the particular package to remove.
-
RemoveForAllUsers:
+
RemoveForAllUsers:
0 (default) – Package will be unprovisioned so that new users don't receive the package. The package will remain installed for current users. This option isn't currently supported.
1 – Package will be removed for all users only if it's a provisioned package.
@@ -199,62 +199,62 @@ The following example removes a package for all users:
````
-**AppManagement/nonStore**
+**AppManagement/nonStore**
Used to manage enterprise apps or developer apps that weren't acquired from the Microsoft Store.
Supported operation is Get.
-**AppManagement/System**
+**AppManagement/System**
Reports apps installed as part of the operating system.
Supported operation is Get.
-**AppManagement/AppStore**
+**AppManagement/AppStore**
Required. Used for managing apps from the Microsoft Store.
Supported operations are Get and Delete.
-**AppManagement/AppStore/ReleaseManagement**
+**AppManagement/AppStore/ReleaseManagement**
Added in Windows 10, version 1809. Interior node for the managing updates through the Microsoft Store. These settings allow the IT admin to specify update channels for apps that they want their users to use for receiving updates. It allows the IT admin to assign a specific release to a smaller group for testing before the large deployment to the rest of the organization.
> [!NOTE]
> ReleaseManagement settings only apply to updates through the Microsoft Store.
-**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_**
+**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_**
Added in Windows 10, version 1809. Identifier for the app or set of apps. If there's only one app, it's the PackageFamilyName. If it's for a set of apps, it's the PackageFamilyName of the main app.
-**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/ChannelId**
+**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/ChannelId**
Added in Windows 10, version 1809. Specifies the app channel ID.
-Value type is string.
+Value type is string.
Supported operations are Add, Get, Replace, and Delete.
-**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/ReleaseManagementId**
+**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/ReleaseManagementId**
Added in Windows 10, version 1809. The IT admin can specify a release ID to indicate a specific release that they would like the user or device to be on.
-Value type is string.
+Value type is string.
Supported operations are Add, Get, Replace, and Delete.
-**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease**
+**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease**
Added in Windows 10, version 1809. Interior node used to specify the effective app release to use when multiple user policies are set on the device. The device policy or last user policy is used.
-**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease/ChannelId**
+**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease/ChannelId**
Added in Windows 10, version 1809. Returns the last user channel ID on the device.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease/ReleaseManagementId**
+**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_/EffectiveRelease/ReleaseManagementId**
Added in Windows 10, version 1809. Returns the last user release ID on the device.
-Value type is string.
+Value type is string.
Supported operation is Get.
-**.../***PackageFamilyName*
+**.../***PackageFamilyName*
Optional. Package family name (PFN) of the app. There's one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
Supported operations are Get and Delete.
@@ -281,7 +281,7 @@ Here's an example for uninstalling an app:
```
-**.../*PackageFamilyName*/***PackageFullName*
+**.../*PackageFamilyName*/***PackageFullName*
Optional. Full name of the package installed.
Supported operations are Get and Delete.
@@ -290,29 +290,29 @@ Supported operations are Get and Delete.
> XAP files use a product ID in place of PackageFullName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
-**.../*PackageFamilyName*/*PackageFullName*/Name**
-Required. Name of the app.
+**.../*PackageFamilyName*/*PackageFullName*/Name**
+Required. Name of the app.
Value type is string.
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/Version**
-Required. Version of the app.
+**.../*PackageFamilyName*/*PackageFullName*/Version**
+Required. Version of the app.
Value type is string.
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/Publisher**
-Required. Publisher name of the app.
+**.../*PackageFamilyName*/*PackageFullName*/Publisher**
+Required. Publisher name of the app.
Value type is string.
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/Architecture**
-Required. Architecture of installed package.
+**.../*PackageFamilyName*/*PackageFullName*/Architecture**
+Required. Architecture of installed package.
Value type is string.
@@ -321,8 +321,8 @@ Value type is string.
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/InstallLocation**
-Required. Install location of the app on the device.
+**.../*PackageFamilyName*/*PackageFullName*/InstallLocation**
+Required. Install location of the app on the device.
Value type is string.
@@ -331,7 +331,7 @@ Value type is string.
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/IsFramework**
+**.../*PackageFamilyName*/*PackageFullName*/IsFramework**
Required. Whether or not the app is a framework package. Value type is int. The value is 1 if the app is a framework package and 0 (zero) for all other cases.
> [!Note]
@@ -339,21 +339,21 @@ Required. Whether or not the app is a framework package. Value type is int. The
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/IsBundle**
-Required. The value is 1 if the package is an app bundle and 0 (zero) for all other cases.
+**.../*PackageFamilyName*/*PackageFullName*/IsBundle**
+Required. The value is 1 if the package is an app bundle and 0 (zero) for all other cases.
Value type is int.
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/InstallDate**
-Required. Date the app was installed.
+**.../*PackageFamilyName*/*PackageFullName*/InstallDate**
+Required. Date the app was installed.
Value type is string.
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/ResourceID**
+**.../*PackageFamilyName*/*PackageFullName*/ResourceID**
Required. Resource ID of the app. This value is null for the main app, ~ for a bundle, and contains resource information for resources packages. Value type is string.
> [!Note]
@@ -361,8 +361,8 @@ Required. Resource ID of the app. This value is null for the main app, ~ for a b
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/PackageStatus**
-Required. Provides information about the status of the package.
+**.../*PackageFamilyName*/*PackageFullName*/PackageStatus**
+Required. Provides information about the status of the package.
Value type is int. Valid values are:
@@ -377,7 +377,7 @@ Value type is int. Valid values are:
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/RequiresReinstall**
+**.../*PackageFamilyName*/*PackageFullName*/RequiresReinstall**
Required. Specifies whether the package state has changed and requires a reinstallation of the app. This change of status can occur when new app resources are required, such as when a device has a change in language preference or a new DPI. It can also occur of the package was corrupted. If the value is 1, reinstallation of the app is performed. Value type is int.
> [!Note]
@@ -385,7 +385,7 @@ Required. Specifies whether the package state has changed and requires a reinsta
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/Users**
+**.../*PackageFamilyName*/*PackageFullName*/Users**
Required. Registered users of the app and the package install state. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string.
- Not Installed = 0
@@ -395,37 +395,37 @@ Required. Registered users of the app and the package install state. If the quer
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/IsProvisioned**
-Required. The value is 0 or 1 that indicates if the app is provisioned on the device.
+**.../*PackageFamilyName*/*PackageFullName*/IsProvisioned**
+Required. The value is 0 or 1 that indicates if the app is provisioned on the device.
The value type is int.
Supported operation is Get.
-**.../*PackageFamilyName*/*PackageFullName*/IsStub**
-Added in Windows 10, version 2004.
+**.../*PackageFamilyName*/*PackageFullName*/IsStub**
+Added in Windows 10, version 2004.
Required. This node is used to identify whether the package is a stub package. A stub package is a version of the package with minimal functionality that will reduce the size of the app.
-The value is 1 if the package is a stub package and 0 (zero) for all other cases.
+The value is 1 if the package is a stub package and 0 (zero) for all other cases.
Value type is int.
Supported operation is Get.
-**.../*PackageFamilyName*/DoNotUpdate**
+**.../*PackageFamilyName*/DoNotUpdate**
Required. Specifies whether you want to block a specific app from being updated via auto-updates.
Supported operations are Add, Get, Delete, and Replace.
-**.../*PackageFamilyName*/AppSettingPolicy** (only for ./User/Vendor/MSFT)
+**.../*PackageFamilyName*/AppSettingPolicy** (only for ./User/Vendor/MSFT)
Added in Windows 10, version 1511. Interior node for all managed app setting values. This node is only supported in the user context.
-**.../*PackageFamilyName*/AppSettingPolicy/***SettingValue* (only for ./User/Vendor/MSFT)
+**.../*PackageFamilyName*/AppSettingPolicy/***SettingValue* (only for ./User/Vendor/MSFT)
Added in Windows 10, version 1511. The *SettingValue* and data represent a key value pair to be configured for the app. The node represents the name of the key and the data represents the value. You can find this value in LocalSettings in the Managed.App.Settings container.
This setting only works for apps that support the feature and it's only supported in the user context.
-Value type is string.
+Value type is string.
Supported operations are Add, Get, Replace, and Delete.
@@ -461,10 +461,10 @@ The following example gets all managed app settings for a specific app.
```
-**.../_PackageFamilyName_/MaintainProcessorArchitectureOnUpdate**
+**.../_PackageFamilyName_/MaintainProcessorArchitectureOnUpdate**
Added in Windows 10, version 1803. Specify whether on an AMD64 device, across an app update, the architecture of the installed app must not change. For example if you have the x86 flavor of a Windows app installed, with this setting enabled, across an update, the x86 flavor will be installed even when x64 flavor is available.
-Supported operations are Add, Get, Delete, and Replace.
+Supported operations are Add, Get, Delete, and Replace.
Value type is integer.
@@ -477,92 +477,92 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
|True |Disabled |X86 flavor is picked |
|False (not set) |Not configured |X64 flavor is picked |
-**.../_PackageFamilyName_/NonRemovable**
-Added in Windows 10, version 1809. Specifies if an app is nonremovable by the user.
+**.../_PackageFamilyName_/NonRemovable**
+Added in Windows 10, version 1809. Specifies if an app is nonremovable by the user.
-This setting allows the IT admin to set an app to be nonremovable, or unable to be uninstalled by a user. This setting is useful in enterprise and education scenarios, where the IT admin might want to ensure that everyone always has certain apps and they won't be removed accidentally. This setting is also useful when there are multiple users per device, and you want to ensure that one user doesn’t remove it for all users.
+This setting allows the IT admin to set an app to be nonremovable, or unable to be uninstalled by a user. This setting is useful in enterprise and education scenarios, where the IT admin might want to ensure that everyone always has certain apps and they won't be removed accidentally. This setting is also useful when there are multiple users per device, and you want to ensure that one user doesn’t remove it for all users.
NonRemovable requires admin permission. This setting can only be defined per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults.
-Value type is integer.
+Value type is integer.
Supported operations are Add, Get, and Replace.
-Valid values:
+Valid values:
- 0 – app isn't in the nonremovable app policy list
- 1 – app is included in the nonremovable app policy list
**Examples:**
-Add an app to the nonremovable app policy list
+Add an app to the nonremovable app policy list
```xml
-
-
-
- 1
-
-
- ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable
-
-
- int
-
- 1
-
-
-
-
-
+
+
+
+ 1
+
+
+ ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable
+
+
+ int
+
+ 1
+
+
+
+
+
```
-Get the status for a particular app
+Get the status for a particular app
```xml
-
-
-
- 1
-
-
- ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable
-
-
-
-
-
-
+
+
+
+ 1
+
+
+ ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable
+
+
+
+
+
+
```
-Replace an app in the nonremovable app policy list
-Data 0 = app isn't in the app policy list
+Replace an app in the nonremovable app policy list
+Data 0 = app isn't in the app policy list
Data 1 = app is in the app policy list
```xml
-
-
-
- 1
-
-
- ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable
-
-
- int
-
- 0
-
-
-
-
-
+
+
+
+ 1
+
+
+ ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable
+
+
+ int
+
+ 0
+
+
+
+
+
```
-**AppInstallation**
+**AppInstallation**
Required node. Used to perform app installation.
-**AppInstallation/***PackageFamilyName*
+**AppInstallation/***PackageFamilyName*
Optional node. Package family name (PFN) of the app. There's one for each PFN on the device when reporting inventory. These items are rooted under their signing origin.
Supported operations are Get and Add.
@@ -570,12 +570,12 @@ Supported operations are Get and Add.
> [!Note]
> XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}.
-**AppInstallation/*PackageFamilyName*/StoreInstall**
+**AppInstallation/*PackageFamilyName*/StoreInstall**
Required. Command to perform an install of an app and a license from the Microsoft Store.
Supported operation is Execute, Add, Delete, and Get.
-**AppInstallation/*PackageFamilyName*/HostedInstall**
+**AppInstallation/*PackageFamilyName*/HostedInstall**
Required. Command to perform an install of an app package from a hosted location (this location can be a local drive, a UNC, or https data source).
The following list shows the supported deployment options:
@@ -587,13 +587,13 @@ The following list shows the supported deployment options:
- ForceUpdateToAnyVersion
- DeferRegistration="1". If the app is in use at the time of installation. This option stages the files for an app update and completes the registration of the app update after the app closes. Available in the latest insider flight of 20H1.
- StageOnly="1". Stages the files for an app installation or update without installing the app. Available in 1803.
-- LicenseUri="\\server\license.lic". Deploys an offline license from the Microsoft Store for Business. Available in 1607.
+- LicenseUri="\\server\license.lic". Deploys an offline license from the Microsoft Store for Business. Available in 1607.
- ValidateDependencies="1". This option is used at provisioning/staging time. If it's set to 1, deployment will perform the same dependency validation during staging that we would normally do at registration time, failing and rejecting the provision request if the dependencies aren't present. Available in the latest insider flight of 20H1.
- ExcludeAppFromLayoutModification="1". Sets that the app will be provisioned on all devices and will be able to retain the apps provisioned without pinning them to start layout. Available in 1809.
Supported operation is Execute, Add, Delete, and Get.
-**AppInstallation/*PackageFamilyName*/LastError**
+**AppInstallation/*PackageFamilyName*/LastError**
Required. Last error relating to the app installation.
Supported operation is Get.
@@ -601,7 +601,7 @@ Supported operation is Get.
> [!Note]
> This element isn't present after the app is installed.
-**AppInstallation/*PackageFamilyName*/LastErrorDesc**
+**AppInstallation/*PackageFamilyName*/LastErrorDesc**
Required. Description of last error relating to the app installation.
Supported operation is Get.
@@ -609,7 +609,7 @@ Supported operation is Get.
> [!Note]
> This element isn't present after the app is installed.
-**AppInstallation/*PackageFamilyName*/Status**
+**AppInstallation/*PackageFamilyName*/Status**
Required. Status of app installation. The following values are returned:
- NOT\_INSTALLED (0) - The node was added, but the execution hasn't completed.
@@ -623,7 +623,7 @@ Supported operation is Get.
> This element isn't present after the app is installed.
-**AppInstallation/*PackageFamilyName*/ProgessStatus**
+**AppInstallation/*PackageFamilyName*/ProgessStatus**
Required. An integer that indicates the progress of the app installation. For https locations, this integer indicates the download progress. ProgressStatus isn't available for provisioning and it's only for user-based installations. ProgressStatus value is always 0 (zero) in provisioning.
Supported operation is Get.
@@ -631,18 +631,18 @@ Supported operation is Get.
> [!Note]
> This element isn't present after the app is installed.
-**AppLicenses**
+**AppLicenses**
Required node. Used to manage licenses for app scenarios.
-**AppLicenses/StoreLicenses**
+**AppLicenses/StoreLicenses**
Required node. Used to manage licenses for store apps.
-**AppLicenses/StoreLicenses/***LicenseID*
+**AppLicenses/StoreLicenses/***LicenseID*
Optional node. License ID for a store installed app. The license ID is generally the PFN of the app.
Supported operations are Add, Get, and Delete.
-**AppLicenses/StoreLicenses/*LicenseID*/LicenseCategory**
+**AppLicenses/StoreLicenses/*LicenseID*/LicenseCategory**
Added in Windows 10, version 1511. Required. Category of license that is used to classify various license sources. Valid values are:
- Unknown - unknown license category
@@ -653,7 +653,7 @@ Added in Windows 10, version 1511. Required. Category of license that is used to
Supported operation is Get.
-**AppLicenses/StoreLicenses/*LicenseID*/LicenseUsage**
+**AppLicenses/StoreLicenses/*LicenseID*/LicenseUsage**
Added in Windows 10, version 1511. Required. Indicates the allowed usage for the license. Valid values are:
- Unknown - usage is unknown.
@@ -663,24 +663,24 @@ Added in Windows 10, version 1511. Required. Indicates the allowed usage for the
Supported operation is Get.
-**AppLicenses/StoreLicenses/*LicenseID*/RequesterID**
+**AppLicenses/StoreLicenses/*LicenseID*/RequesterID**
Added in Windows 10, version 1511. Required. Identifier for the entity that requested the license, such as the client who acquired the license. For example, all licenses issued by the Store for Business for a particular enterprise client has the same RequesterID.
Supported operation is Get.
-**AppLicenses/StoreLicenses/*LicenseID*/AddLicense**
+**AppLicenses/StoreLicenses/*LicenseID*/AddLicense**
Required. Command to add license.
Supported operation is Execute.
-**AppLicenses/StoreLicenses/*LicenseID*/GetLicenseFromStore**
+**AppLicenses/StoreLicenses/*LicenseID*/GetLicenseFromStore**
Added in Windows 10, version 1511. Required. Command to get license from the store.
Supported operation is Execute.
## Examples
-For examples of how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md).
+For examples of how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](../enterprise-app-management.md).
Query the device for a specific app subcategory, such as nonStore apps.
@@ -720,4 +720,4 @@ Subsequent query for a specific app for its properties.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index 3a270aad3c..ba9430bc83 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -1,7 +1,7 @@
---
title: EnterpriseModernAppManagement DDF
description: Learn about the OMA DM device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -15,7 +15,7 @@ ms.date: 10/01/2019
This topic shows the OMA DM device description framework (DDF) for the **EnterpriseModernAppManagement** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
index 95016ab8fc..c323934254 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
@@ -1,7 +1,7 @@
---
title: EnterpriseModernAppManagement XSD
description: In this article, view the EnterpriseModernAppManagement XSD example so you can set application parameters.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md
index 8d50139134..5785014560 100644
--- a/windows/client-management/mdm/euiccs-csp.md
+++ b/windows/client-management/mdm/euiccs-csp.md
@@ -7,7 +7,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 03/02/2018
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -40,6 +40,7 @@ eUICCs
------------ServerName
----------------DiscoveryState
----------------AutoEnable
+----------------IsDiscoveryServer
--------Profiles
------------ICCID
----------------ServerName
@@ -56,131 +57,138 @@ eUICCs
------------Status
```
-**./Vendor/MSFT/eUICCs**
+**./Vendor/MSFT/eUICCs**
Root node for the eUICCs CSP.
-**_eUICC_**
+**_eUICC_**
Interior node. Represents information associated with an eUICC. There's one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is meaningful only to the LPA (which associates it with an eUICC ID (EID) in an implementation-specific manner, for example, this association could be an SHA-256 hash of the EID). The node name "Default" represents the currently active eUICC.
Supported operation is Get.
-**_eUICC_/Identifier**
+**_eUICC_/Identifier**
Required. Identifies an eUICC in an implementation-specific manner, for example, this identification could be an SHA-256 hash of the EID.
Supported operation is Get. Value type is string.
-**_eUICC_/IsActive**
+**_eUICC_/IsActive**
Required. Indicates whether this eUICC is physically present and active. Updated only by the LPA.
Supported operation is Get. Value type is boolean.
-**_eUICC_/PPR1Allowed**
+**_eUICC_/PPR1Allowed**
Profile Policy Rule 1 (PPR1) is required. Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), the download of a profile with PPR1 isn't allowed.
-Supported operation is Get.
+Supported operation is Get.
Value type is boolean.
-**_eUICC_/PPR1AlreadySet**
+**_eUICC_/PPR1AlreadySet**
Required. Indicates whether the eUICC already has a profile with PPR1.
-Supported operation is Get.
+Supported operation is Get.
Value type is boolean.
-**_eUICC_/DownloadServers**
+**_eUICC_/DownloadServers**
Interior node. Represents default SM-DP+ discovery requests.
Supported operation is Get.
-**_eUICC_/DownloadServers/_ServerName_**
+**_eUICC_/DownloadServers/_ServerName_**
Interior node. Optional. Node specifying the server name for a discovery operation. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request.
Supported operations are Add, Get, and Delete.
-**_eUICC_/DownloadServers/_ServerName_/DiscoveryState**
+**_eUICC_/DownloadServers/_ServerName_/DiscoveryState**
Required. Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA.
-Supported operation is Get.
+Supported operation is Get.
Value type is integer. Default value is 1.
-**_eUICC_/DownloadServers/_ServerName_/AutoEnable**
+**_eUICC_/DownloadServers/_ServerName_/AutoEnable**
Required. Indicates whether the discovered profile must be enabled automatically after install. This setting must be defined by the MDM when the ServerName subtree is created.
-Supported operations are Add, Get, and Replace.
+Supported operations are Add, Get, and Replace.
Value type is bool.
-**_eUICC_/Profiles**
+**_eUICC_/DownloadServers/_ServerName_/IsDiscoveryServer**
+Optional. Indicates whether the server is a discovery server. This setting must be defined by the MDM when the ServerName subtree is created.
+
+Supported operations are Add, Get, and Replace.
+
+Value type is bool. Default value is false.
+
+**_eUICC_/Profiles**
Interior node. Required. Represents all enterprise-owned profiles.
Supported operation is Get.
-**_eUICC_/Profiles/_ICCID_**
+**_eUICC_/Profiles/_ICCID_**
Interior node. Optional. Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).
Supported operations are Add, Get, and Delete.
-**_eUICC_/Profiles/_ICCID_/ServerName**
+**_eUICC_/Profiles/_ICCID_/ServerName**
Required. Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created.
-Supported operations are Add and Get.
+Supported operations are Add and Get.
Value type is string.
-**_eUICC_/Profiles/_ICCID_/MatchingID**
+**_eUICC_/Profiles/_ICCID_/MatchingID**
Required. Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created.
-Supported operations are Add and Get.
+Supported operations are Add and Get.
Value type is string.
-**_eUICC_/Profiles/_ICCID_/State**
+**_eUICC_/Profiles/_ICCID_/State**
Required. Current state of the profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). Queried by the CSP and only updated by the LPA.
-Supported operation is Get.
+Supported operation is Get.
Value type is integer. Default value is 1.
-**_eUICC_/Profiles/_ICCID_/IsEnabled**
+**_eUICC_/Profiles/_ICCID_/IsEnabled**
Added in Windows 10, version 1803. Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created to enable the profile once it’s successfully downloaded and installed on the device. Can also be queried and updated by the CSP.
-Supported operations are Add, Get, and Replace.
+Supported operations are Add, Get, and Replace.
Value type is bool.
-**_eUICC_/Policies**
+**_eUICC_/Policies**
Interior node. Required. Device policies associated with the eUICC as a whole (not per-profile).
-Supported operation is Get.
+Supported operation is Get.
-**_eUICC_/Policies/LocalUIEnabled**
+**_eUICC_/Policies/LocalUIEnabled**
Required. Determines whether the local user interface of the LUI is available (true if available, false otherwise). Initially populated by the LPA when the eUICC tree is created, can be queried and changed by the MDM server.
-Supported operations are Get and Replace.
+Supported operations are Get and Replace.
Value type is boolean. Default value is true.
-**_eUICC_/Actions**
+**_eUICC_/Actions**
Interior node. Required. Actions that can be performed on the eUICC as a whole (when it's active).
Supported operation is Get.
-**_eUICC_/Actions/ResetToFactoryState**
+**_eUICC_/Actions/ResetToFactoryState**
Required. An EXECUTE on this node triggers the LPA to perform an eUICC Memory Reset.
-Supported operation is Execute.
+Supported operation is Execute.
Value type is string.
-**_eUICC_/Actions/Status**
+**_eUICC_/Actions/Status**
Required. Status of most recent operation, as an HRESULT. S_OK indicates success, S_FALSE indicates operation is in progress, other values represent specific errors.
-Supported value is Get.
+Supported value is Get.
Value type is integer. Default is 0.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index c17f08e0f3..cab2efe2b9 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -1,7 +1,7 @@
---
title: eUICCs DDF file
description: Learn about the OMA DM device description framework (DDF) for the eUICCs configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -15,7 +15,7 @@ ms.date: 03/02/2018
This topic shows the OMA DM device description framework (DDF) for the **eUICCs** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below if for Windows 10, version 1803.
@@ -247,6 +247,30 @@ The XML below if for Windows 10, version 1803.
+
+ IsDiscoveryServer
+
+
+
+
+
+
+ false
+ Indicates whether the server is a discovery server. Optional, default value is false.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md
index af9202d9ca..7d3f2c7e1c 100644
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -26,12 +26,12 @@ The table below shows the applicability of Windows:
The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709.
The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709.
-
+
Firewall rules in the FirewallRules section must be wrapped in an Atomic block in SyncML, either individually or collectively.
For detailed information on some of the fields below, see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](/openspecs/windows_protocols/ms-winerrata/6521c5c4-1f76-4003-9ade-5cccfc27c8ac).
-The following example shows the Firewall configuration service provider in tree format.
+The following example shows the Firewall configuration service provider in tree format.
```
./Vendor/MSFT
Firewall
@@ -130,7 +130,7 @@ Supported operation is Get.
**MdmStore/Global**
Interior node.
-Supported operations are Get.
+Supported operations are Get.
**MdmStore/Global/PolicyVersionSupported**
Integer value that contains the maximum policy version that the server host can accept. The version number is two octets in size. The lowest-order octet is the minor version; the second-to-lowest octet is the major version. This value isn't merged and is always a fixed value for a particular firewall and advanced security components software build.
@@ -144,7 +144,7 @@ Value type in integer. Supported operation is Get.
Boolean value. If false, the firewall performs stateful File Transfer Protocol (FTP) filtering to allow secondary connections. True means stateful FTP is disabled. The merge law for this option is to let "true" values win.
Default value is false.
-Data type is bool. Supported operations are Add, Get, Replace, and Delete.
+Data type is bool. Supported operations are Add, Get, Replace, and Delete.
**MdmStore/Global/SaIdleTime**
This value configures the security association idle time, in seconds. Security associations are deleted after network traffic isn't seen for this specified period of time. The value is integer and MUST be in the range of 300 to 3,600 inclusive. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, use the local store value.
@@ -351,7 +351,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/_FirewallRuleName_/IcmpTypesAndCodes**
ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the “\*” character. For specific ICMP types and codes, use the “:” character to separate the type and code, for example, 3:4, 1:\*. The “\*” character can be used to represent any code. The “\*” character cannot be used to specify any type; examples such as “\*:4” or “\*:\*” are invalid.
-If not specified, the default is All.
+If not specified, the default is All.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/*FirewallRuleName*/LocalAddressRanges**
@@ -455,16 +455,16 @@ Name of the rule.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
**FirewallRules/_FirewallRuleName_/RemoteAddressDynamicKeywords**
-Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying the remote addresses covered by the rule.
+Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying the remote addresses covered by the rule.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
**MdmStore/DynamicKeywords**
-Interior node.
+Interior node.
Supported operation is Get.
**MdmStore/DynamicKeywords/Addresses**
-Interior node.
+Interior node.
Supported operation is Get.
**MdmStore/DynamicKeywords/Addresses/Id**
@@ -487,11 +487,11 @@ Valid tokens include:
Supported operations are Add, Delete, Replace, and Get.
**MdmStore/DynamicKeywords/Addresses/Id/AutoResolve**
-Boolean value. If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a Fully Qualified Domain Name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present.
+Boolean value. If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a Fully Qualified Domain Name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present.
Value type is string. Supported operations are Add, Delete, and Get.
Value type is string. Supported operations are Add, Delete, and Get.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md
index 50b8729198..c31d769719 100644
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@@ -7,7 +7,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/05/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -16,7 +16,7 @@ manager: aaroncz
This topic shows the OMA DM device description framework (DDF) for the **Firewall** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
```xml
@@ -1512,7 +1512,7 @@ ServiceName
- Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value.
+ Consists of one or more comma-delimited tokens specifying the local addresses covered by the rule. "*" is the default value.
Valid tokens include:
"*" indicates any local address. If present, this must be the only token included.
diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index 9c85e6205e..f4b7d29d2e 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -1,14 +1,14 @@
---
title: Device HealthAttestation CSP
description: Learn how the DHA-CSP enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
-ms.date:
+ms.date:
---
# Device HealthAttestation CSP
@@ -97,11 +97,11 @@ HealthAttestation
----MaxSupportedProtocolVersion
```
-**./Vendor/MSFT/HealthAttestation**
+**./Vendor/MSFT/HealthAttestation**
The root node for the device HealthAttestation configuration service provider.
-**TriggerAttestation** (Required)
+**TriggerAttestation** (Required)
Node type: EXECUTE
@@ -124,7 +124,7 @@ Templated SyncML Call:
{
rpID : "rpID", serviceEndpoint : "MAA endpoint",
nonce : "nonce", aadToken : "aadToken", "cv" : "CorrelationVector"
- }
+ }
@@ -145,12 +145,12 @@ Sample Data:
```json
-{
+{
"rpid" : "https://www.contoso.com/attestation",
"endpoint" : "https://contoso.eus.attest.azure.net/attest/tpm?api-version=2020-10-01",
"nonce" : "5468697320697320612054657374204e6f6e6365",
"aadToken" : "dummytokenstring",
-"cv" : "testonboarded"
+"cv" : "testonboarded"
}
```
@@ -176,7 +176,7 @@ Templated SyncML Call:
-
+
```
@@ -209,7 +209,7 @@ Templated SyncML Call:
-
+
```
@@ -244,7 +244,7 @@ Templated SyncML Call:
-
+
```
@@ -255,7 +255,7 @@ Sample data:
If success:
GUID returned by the attestation service: 1k9+vQOn00S8ZK33;CMc969r1JEuHwDpM
If Trigger Attestation call failed and no previous data is present. The field remains empty.
-Otherwise, the last service correlation id will be returned. In a successful attestation there are two
+Otherwise, the last service correlation id will be returned. In a successful attestation there are two
calls between client and MAA and for each call the GUID is separated by semicolon.
```
@@ -277,13 +277,13 @@ calls between client and MAA and for each call the GUID is separated by semicolo
configurationrules{
};
- authorizationrules {
+ authorizationrules {
=> permit();
};
issuancerules{
- // SecureBoot enabled
+ // SecureBoot enabled
c:[type == "events", issuer=="AttestationService"] => add(type = "efiConfigVariables", value = JmesPath(c.value, "Events[?EventTypeString == 'EV_EFI_VARIABLE_DRIVER_CONFIG' && ProcessedData.VariableGuid == '8BE4DF61-93CA-11D2-AA0D-00E098032B8C']"));
c:[type == "efiConfigVariables", issuer=="AttestationPolicy"]=> issue(type = "secureBootEnabled", value = JsonToClaimValue(JmesPath(c.value, "[?ProcessedData.UnicodeName == 'SecureBoot'] | length(@) == `1` && @[0].ProcessedData.VariableData == 'AQ'")));
![type=="secureBootEnabled", issuer=="AttestationPolicy"] => issue(type="secureBootEnabled", value=false);
@@ -351,9 +351,9 @@ calls between client and MAA and for each call the GUID is separated by semicolo
// Find the first EV_SEPARATOR in PCR 12, 13, Or 14
c:[type=="events", issuer=="AttestationService"] => add(type="evSeparatorSeq", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_SEPARATOR' && (PcrIndex == `12` || PcrIndex == `13` || PcrIndex == `14`)] | @[0].EventSeq"));
c:[type=="evSeparatorSeq", value != "null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value=AppendString(AppendString("Events[? EventSeq < `", c.value), "`"));
- [type=="evSeparatorSeq", value=="null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value="Events[? `true` ");
+ [type=="evSeparatorSeq", value=="null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value="Events[? `true` ");
- // Find the first EVENT_APPLICATION_SVN.
+ // Find the first EVENT_APPLICATION_SVN.
c:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] => add(type="bootMgrSvnSeqQuery", value=AppendString(c.value, " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12` && ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN] | @[0].EventSeq"));
c1:[type=="bootMgrSvnSeqQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="bootMgrSvnSeq", value=JmesPath(c2.value, c1.value));
c:[type=="bootMgrSvnSeq", value!="null", issuer=="AttestationPolicy"] => add(type="bootMgrSvnQuery", value=AppendString(AppendString("Events[? EventSeq == `", c.value), "`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN | @[0]"));
@@ -396,7 +396,7 @@ calls between client and MAA and for each call the GUID is separated by semicolo
c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="afterTransferCtrlClause", issuer=="AttestationPolicy"] => add(type="moduleQuery", value=AppendString(AppendString(c1.value, c2.value), " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13` && ((ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_LOADEDMODULE_AGGREGATION[].EVENT_MODULE_SVN | @[0]) || (ProcessedData.EVENT_LOADEDMODULE_AGGREGATION[].EVENT_MODULE_SVN | @[0]))].EventSeq | @[0]"));
c1:[type=="moduleQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="moduleSeq", value=JmesPath(c2.value, c1.value));
- // Find the first EVENT_APPLICATION_SVN after EV_EVENT_TAG in PCR 12.
+ // Find the first EVENT_APPLICATION_SVN after EV_EVENT_TAG in PCR 12.
c:[type=="moduleSeq", value!="null", issuer=="AttestationPolicy"] => add(type="applicationSvnAfterModuleClause", value=AppendString(AppendString(" && EventSeq > `", c.value), "`"));
c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="applicationSvnAfterModuleClause", issuer=="AttestationPolicy"] => add(type="bootAppSvnQuery", value=AppendString(AppendString(c1.value, c2.value), " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN | @[0]"));
c1:[type=="bootAppSvnQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => issue(type="bootAppSvn", value=JsonToClaimValue(JmesPath(c2.value, c1.value)));
@@ -464,7 +464,7 @@ calls between client and MAA and for each call the GUID is separated by semicolo
}.[Signature]
```
-### Learn More
+### Learn More
More information about TPM attestation can be found here: [Microsoft Azure Attestation](/azure/attestation/).
@@ -487,7 +487,7 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes
- DHA-CSP forwards device boot data (DHA-BootData) to DHA-Service
- DHA-Service replies with an encrypted data blob (DHA-EncBlob)
- - DHA-CSP and MDM-Server communication:
+ - DHA-CSP and MDM-Server communication:
- MDM-Server sends a device health verification request to DHA-CSP
- DHA-CSP replies with a payload called DHA-Data that includes an encrypted (DHA-EncBlob) and a signed (DHA-SignedBlob) data blob
@@ -549,10 +549,10 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes
|Device Health Attestation – On Premise(DHA-OnPrem)|DHA-OnPrem refers to DHA-Service that is running on premises:
Offered to Windows Server 2016 customer (no added licensing cost for enabling/running DHA-Service)
Hosted on an enterprise owned and managed server device/hardware
Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios
Accessible to all enterprise-managed devices via following settings:
FQDN = (enterprise assigned)
Port = (enterprise assigned)
Protocol = TCP|The operation cost of running one or more instances of Server 2016 on-premises.
|
|Device Health Attestation - Enterprise-Managed Cloud(DHA-EMC)|DHA-EMC refers to an enterprise-managed DHA-Service that is running as a virtual host/service on a Windows Server 2016 compatible - enterprise-managed cloud service, such as Microsoft Azure.
Offered to Windows Server 2016 customers with no extra licensing cost (no added licensing cost for enabling/running DHA-Service)
Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios
Accessible to all enterprise-managed devices via following settings:
FQDN = (enterprise assigned)
Port = (enterprise assigned)
Protocol = TCP|The operation cost of running Server 2016 on a compatible cloud service, such as Microsoft Azure.
|
-### CSP diagram and node descriptions
+### CSP diagram and node descriptions
+
+The following shows the Device HealthAttestation configuration service provider in tree format.
-The following shows the Device HealthAttestation configuration service provider in tree format.
-
```console
./Vendor/MSFT
HealthAttestation
@@ -569,17 +569,17 @@ HealthAttestation
----MaxSupportedProtocolVersion
```
-**./Vendor/MSFT/HealthAttestation**
+**./Vendor/MSFT/HealthAttestation**
The root node for the device HealthAttestation configuration service provider.
-**VerifyHealth** (Required)
+**VerifyHealth** (Required)
Notifies the device to prepare a device health verification request.
The supported operation is Execute.
-**Status** (Required)
+**Status** (Required)
Provides the current status of the device health request.
@@ -592,19 +592,19 @@ The following list shows some examples of supported values. For the complete lis
- 2 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_FAILED): A valid DHA-EncBlob couldn't be retrieved from the DHA-Service for reasons other than discussed in the DHA error/status codes
- 3 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_COMPLETE): DHA-Data is ready for pickup
-**ForceRetrieve** (Optional)
+**ForceRetrieve** (Optional)
Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service.
Boolean value. The supported operation is Replace.
-**Certificate** (Required)
+**Certificate** (Required)
Instructs the DHA-CSP to forward DHA-Data to the MDM server.
Value type is b64. The supported operation is Get.
-**Nonce** (Required)
+**Nonce** (Required)
Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypt-protected random value that is generated by the MDM Server.
@@ -612,7 +612,7 @@ The nonce is in hex format, with a minimum size of 8 bytes, and a maximum size o
The supported operations are Get and Replace.
-**CorrelationId** (Required)
+**CorrelationId** (Required)
Identifies a unique device health attestation session. CorrelationId is used to correlate DHA-Service logs with the MDM server events and Client event logs for debug and troubleshooting.
@@ -685,7 +685,7 @@ SSL-Session:
Protocol: TLSv1.2
Cipher: ECDHE-RSA-AES256-SHA384
Session-ID: B22300009621370F84A4A3A7D9FC40D584E047C090604E5226083A02ED239C93
- Session-ID-ctx:
+ Session-ID-ctx:
Master-Key: 9E3F6BE5B3D3B55C070470CA2B62EF59CC1D5ED9187EF5B3D1BBF4C101EE90BEB04F34FFD748A13C92A387104B8D1DE7
Key-Arg: None
PSK identity: None
@@ -706,7 +706,7 @@ There are three types of DHA-Service:
DHA-Cloud is the default setting. No further action is required if an enterprise is planning to use Microsoft DHA-Cloud as the trusted DHA-Service provider.
-For DHA-OnPrem & DHA-EMC scenarios, send a SyncML command to the HASEndpoint node to instruct a managed device to communicate with the enterprise trusted DHA-Service.
+For DHA-OnPrem & DHA-EMC scenarios, send a SyncML command to the HASEndpoint node to instruct a managed device to communicate with the enterprise trusted DHA-Service.
The following example shows a sample call that instructs a managed device to communicate with an enterprise-managed DHA-Service.
@@ -854,7 +854,7 @@ After the MDM server receives the verified data, the information can be used to
The following list of data points is verified by the DHA-Service in DHA-Report version 3:
-- [Issued](#issued )
+- [Issued](#issued )
- [AIKPresent](#aikpresent)
- [ResetCount](#resetcount) *
- [RestartCount](#restartcount) *
@@ -882,8 +882,8 @@ The following list of data points is verified by the DHA-Service in DHA-Report v
- [OSRevListInfo](#osrevlistinfo)
- [HealthStatusMismatchFlags](#healthstatusmismatchflags)
-\* TPM 2.0 only
-\*\* Reports if BitLocker was enabled during initial boot.
+\* TPM 2.0 only
+\*\* Reports if BitLocker was enabled during initial boot.
\*\*\* The "Hybrid Resume" must be disabled on the device. Reports first-party ELAM "Defender" was loaded during boot.
Each of these data points is described in further detail in the following sections, along with the recommended actions to take.
@@ -892,7 +892,7 @@ Each of these data points is described in further detail in the following sectio
The date and time DHA-report was evaluated or issued to MDM.
-**AIKPresent**
+**AIKPresent**
When an Attestation Identity Key (AIK) is present on a device, it indicates that the device has an endorsement key (EK) certificate. It can be trusted more than a device that doesn’t have an EK certificate.
@@ -913,7 +913,7 @@ This attribute reports the number of times a PC device has hibernated or resumed
This attribute reports the number of times a PC device has rebooted.
-**DEPPolicy**
+**DEPPolicy**
A device can be trusted more if the DEP Policy is enabled on the device.
@@ -933,7 +933,7 @@ If DEPPolicy = 0 (Off), then take one of the following actions that align with y
- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history.
- Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks.
-**BitLockerStatus** (at boot time)
+**BitLockerStatus** (at boot time)
When BitLocker is reported "on" at boot time, the device is able to protect data that is stored on the drive from unauthorized access, when the system is turned off or goes to hibernation.
@@ -976,7 +976,7 @@ If `CodeIntegrityRevListVersion !`= [CurrentVersion], then take one of the follo
- Place the device in a watch list to monitor the device more closely for potential risks.
- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
-**SecureBootEnabled**
+**SecureBootEnabled**
When Secure Boot is enabled, the core components used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies this requirement before it lets the machine start. If any files have been tampered with, breaking their signature, the system won't boot.
@@ -1005,7 +1005,7 @@ If BootDebuggingEnabled = 1 (True), then take one of the following actions that
- Disallow all access.
- Disallow access to HBI assets.
- Place the device in a watch list to monitor the device more closely for potential risks.
-- Trigger a corrective action, such as enabling VSM using WMI or a PowerShell script.
+- Trigger a corrective action, such as enabling VSM using WMI or a PowerShell script.
**OSKernelDebuggingEnabled**
@@ -1020,7 +1020,7 @@ If OSKernelDebuggingEnabled = 1 (True), then take one of the following actions t
- Place the device in a watch list to monitor the device more closely for potential risks.
- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
-**CodeIntegrityEnabled**
+**CodeIntegrityEnabled**
When code integrity is enabled, code execution is restricted to integrity verified code.
@@ -1055,7 +1055,7 @@ If TestSigningEnabled = 1 (True), then take one of the following actions that al
- Place the device in a watch list to monitor the device more closely for potential risks.
- Trigger a corrective action, such as enabling test signing using WMI or a PowerShell script.
-**SafeMode**
+**SafeMode**
Safe mode is a troubleshooting option for Windows that starts your computer in a limited state. Only the basic files and drivers necessary to run Windows are started.
@@ -1067,7 +1067,7 @@ If SafeMode = 1 (True), then take one of the following actions that align with y
- Disallow access to HBI assets.
- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
-**WinPE**
+**WinPE**
Windows pre-installation Environment (Windows PE) is a minimal operating system with limited services that is used to prepare a computer for Windows installation, to copy disk images from a network file server, and to initiate Windows Setup.
@@ -1101,7 +1101,7 @@ If ELAMDriverLoaded = 0 (False), then take one of the following actions that ali
- Disallow access to HBI assets.
- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue.
-**VSMEnabled**
+**VSMEnabled**
Virtual Secure Mode (VSM) is a container that protects high value assets from a compromised kernel. VSM requires about 1 GB of memory – it has enough capability to run the LSA service that is used for all authentication brokering.
@@ -1212,7 +1212,7 @@ If reported OSRevListInfo version equals an accepted value, then allow access.
If reported OSRevListInfo version doesn't equal an accepted value, then take one of the following actions that align with your enterprise policies:
- Disallow all access.
-- Direct the device to an enterprise honeypot, to further monitor the device's activities.
+- Direct the device to an enterprise honeypot, to further monitor the device's activities.
**HealthStatusMismatchFlags**
@@ -1222,70 +1222,70 @@ If an issue is detected, a list of impacted DHA-report elements will be listed u
### Device HealthAttestation CSP status and error codes
-Error code: 0 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZED
+Error code: 0 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZED
Error description: This state is the initial state for devices that have never participated in a DHA-Session.
-Error code: 1 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTED
+Error code: 1 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTED
Error description: This state signifies that MDM client’s Exec call on the node VerifyHealth has been triggered and now the OS is trying to retrieve DHA-EncBlob from DHA-Server.
-Error code: 2 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED
+Error code: 2 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED
Error description: This state signifies that the device failed to retrieve DHA-EncBlob from DHA-Server.
-Error code: 3 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_COMPLETE
+Error code: 3 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_COMPLETE
Error description: This state signifies that the device has successfully retrieved DHA-EncBlob from the DHA-Server.
-Error code: 4 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_PCR_FAIL
+Error code: 4 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_PCR_FAIL
Error description: Deprecated in Windows 10, version 1607.
-Error code: 5 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETQUOTE_FAIL
+Error code: 5 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETQUOTE_FAIL
Error description: DHA-CSP failed to get a claim quote.
-Error code: 6 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_DEVICE_NOT_READY
+Error code: 6 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_DEVICE_NOT_READY
Error description: DHA-CSP failed in opening a handle to Microsoft Platform Crypto Provider.
-Error code: 7 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_WINDOWS_AIK_FAIL
+Error code: 7 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_WINDOWS_AIK_FAIL
Error description: DHA-CSP failed in retrieving Windows AIK
-Error code: 8 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FROM_WEB_FAIL
+Error code: 8 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FROM_WEB_FAIL
Error description: Deprecated in Windows 10, version 1607.
-Error code: 9 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_INVALID_TPM_VERSION
+Error code: 9 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_INVALID_TPM_VERSION
Error description: Invalid TPM version (TPM version isn't 1.2 or 2.0)
-Error code: 10 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETNONCE_FAIL
+Error code: 10 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETNONCE_FAIL
Error description: Nonce wasn't found in the registry.
-Error code: 11 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCORRELATIONID_FAIL
+Error code: 11 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCORRELATIONID_FAIL
Error description: Correlation ID wasn't found in the registry.
-Error code: 12 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCERT_FAIL
+Error code: 12 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCERT_FAIL
Error description: Deprecated in Windows 10, version 1607.
-Error code: 13 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCLAIM_FAIL
+Error code: 13 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_GETCLAIM_FAIL
Error description: Deprecated in Windows 10, version 1607.
-Error code: 14 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_ENCODING_FAIL
+Error code: 14 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_ENCODING_FAIL
Error description: Failure in Encoding functions. (Extremely unlikely scenario)
-Error code: 15 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_ENDPOINTOVERRIDE_FAIL
+Error code: 15 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_ENDPOINTOVERRIDE_FAIL
Error description: Deprecated in Windows 10, version 1607.
-Error code: 16 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_LOAD_XML
+Error code: 16 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_LOAD_XML
Error description: DHA-CSP failed to load the payload it received from DHA-Service
-Error code: 17 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CORRUPT_XML
+Error code: 17 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CORRUPT_XML
Error description: DHA-CSP received a corrupted response from DHA-Service.
-Error code: 18 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_XML
+Error code: 18 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EMPTY_XML
Error description: DHA-CSP received an empty response from DHA-Service.
-Error code: 19 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_AES_EK
+Error code: 19 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_AES_EK
Error description: DHA-CSP failed in decrypting the AES key from the EK challenge.
-Error code: 20 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_CERT_AES_EK
+Error code: 20 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_DECRYPT_CERT_AES_EK
Error description: DHA-CSP failed in decrypting the health cert with the AES key.
-Error code: 21 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EXPORT_AIKPUB
+Error code: 21 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_EXPORT_AIKPUB
Error description: DHA-CSP failed in exporting the AIK Public Key.
Error code: 22 | Error name: HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_CLAIMAUTHORITYONLY
@@ -1413,7 +1413,7 @@ Error description: DHA-Service isn't reachable by DHA-CSP
-
+
@@ -1430,7 +1430,7 @@ Error description: DHA-Service isn't reachable by DHA-CSP
-
@@ -1474,7 +1474,7 @@ xmlns="http://schemas.microsoft.com/windows/security/healthcertificate/validatio
112
- 4ACCBE0ADB9627FFD6285C2E06EC5AC59ABF62C7
+ 4ACCBE0ADB9627FFD6285C2E06EC5AC59ABF62C700000000000001001A000B00200000005300690050006F006C006900630079002E007000370062000000A4BF7EF05585876A61CBFF7CAE8123BE756D58B1BBE04F9719D15D6271514CF5005D447A7CC6D101200000000B00CBB56E8B19267E24A2986C4A616CCB58B4D53F6020AC8FD5FC205C20F2AB00BC8073EEA7F8FAD001200000000B00A8285B04DE618ACF4174C59F07AECC002D11DD7D97FA5D464F190C9D9E3479BA
@@ -1488,4 +1488,4 @@ For more information, see [PC Client TPM Certification](https://trustedcomputing
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index 1d1e14d1ab..f0277343bb 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -1,7 +1,7 @@
---
title: HealthAttestation DDF
description: Learn about the OMA DM device description framework (DDF) for the HealthAttestation configuration service provider.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@@ -16,7 +16,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **HealthAttestation** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
@@ -92,7 +92,7 @@ The XML below is the current version for this CSP.
- Provides the current status of the device health request. For the complete list of status see https://docs.microsoft.com/en-us/windows/client-management/mdm/healthattestation-csp#device-healthattestation-csp-status-and-error-codes
+ Provides the current status of the device health request. For the complete list of status see https://learn.microsoft.com/windows/client-management/mdm/healthattestation-csp#device-healthattestation-csp-status-and-error-codes
@@ -456,9 +456,3 @@ The XML below is the current version for this CSP.
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/images/Provisioning_CSP_DMClient_TH2.png b/windows/client-management/mdm/images/Provisioning_CSP_DMClient_TH2.png
deleted file mode 100644
index 28ae086ef7..0000000000
Binary files a/windows/client-management/mdm/images/Provisioning_CSP_DMClient_TH2.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/Provisioning_CSP_RemoteWipe_DMandCP.png b/windows/client-management/mdm/images/Provisioning_CSP_RemoteWipe_DMandCP.png
deleted file mode 100644
index f7d21f0a94..0000000000
Binary files a/windows/client-management/mdm/images/Provisioning_CSP_RemoteWipe_DMandCP.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/Provisioning_CSP_eUICCs.png b/windows/client-management/mdm/images/Provisioning_CSP_eUICCs.png
deleted file mode 100644
index a4c67a8b7e..0000000000
Binary files a/windows/client-management/mdm/images/Provisioning_CSP_eUICCs.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/admx-appv-publishing.png b/windows/client-management/mdm/images/admx-appv-publishing.png
deleted file mode 100644
index 31d83e9329..0000000000
Binary files a/windows/client-management/mdm/images/admx-appv-publishing.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/auto-enrollment-azure-ad-device-settings.png b/windows/client-management/mdm/images/auto-enrollment-azure-ad-device-settings.png
deleted file mode 100644
index 802d843215..0000000000
Binary files a/windows/client-management/mdm/images/auto-enrollment-azure-ad-device-settings.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/autoenrollment-device-status.png b/windows/client-management/mdm/images/autoenrollment-device-status.png
deleted file mode 100644
index 67072b0da7..0000000000
Binary files a/windows/client-management/mdm/images/autoenrollment-device-status.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/block-untrusted-processes.png b/windows/client-management/mdm/images/block-untrusted-processes.png
deleted file mode 100644
index c9d774457e..0000000000
Binary files a/windows/client-management/mdm/images/block-untrusted-processes.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/businessstoreportalservices10.png b/windows/client-management/mdm/images/businessstoreportalservices10.png
deleted file mode 100644
index bd643ebfac..0000000000
Binary files a/windows/client-management/mdm/images/businessstoreportalservices10.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/businessstoreportalservices11.png b/windows/client-management/mdm/images/businessstoreportalservices11.png
deleted file mode 100644
index f420a32be4..0000000000
Binary files a/windows/client-management/mdm/images/businessstoreportalservices11.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/businessstoreportalservices12.png b/windows/client-management/mdm/images/businessstoreportalservices12.png
deleted file mode 100644
index 10cda8c9d6..0000000000
Binary files a/windows/client-management/mdm/images/businessstoreportalservices12.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/businessstoreportalservices13.png b/windows/client-management/mdm/images/businessstoreportalservices13.png
deleted file mode 100644
index c839aea73c..0000000000
Binary files a/windows/client-management/mdm/images/businessstoreportalservices13.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/businessstoreportalservices14.png b/windows/client-management/mdm/images/businessstoreportalservices14.png
deleted file mode 100644
index 01173f564e..0000000000
Binary files a/windows/client-management/mdm/images/businessstoreportalservices14.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/businessstoreportalservices8.png b/windows/client-management/mdm/images/businessstoreportalservices8.png
deleted file mode 100644
index 81668d8ed3..0000000000
Binary files a/windows/client-management/mdm/images/businessstoreportalservices8.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/businessstoreportalservices9.png b/windows/client-management/mdm/images/businessstoreportalservices9.png
deleted file mode 100644
index 1aaec4889e..0000000000
Binary files a/windows/client-management/mdm/images/businessstoreportalservices9.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/checkmark.png b/windows/client-management/mdm/images/checkmark.png
deleted file mode 100644
index 253e5fe54b..0000000000
Binary files a/windows/client-management/mdm/images/checkmark.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/class-guids.png b/windows/client-management/mdm/images/class-guids.png
deleted file mode 100644
index 6951e4ed5a..0000000000
Binary files a/windows/client-management/mdm/images/class-guids.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/crossmark.png b/windows/client-management/mdm/images/crossmark.png
deleted file mode 100644
index b6758f3095..0000000000
Binary files a/windows/client-management/mdm/images/crossmark.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/device-manager-disk-drives.png b/windows/client-management/mdm/images/device-manager-disk-drives.png
deleted file mode 100644
index 44be977537..0000000000
Binary files a/windows/client-management/mdm/images/device-manager-disk-drives.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures2.png b/windows/client-management/mdm/images/diagnose-mdm-failures2.png
deleted file mode 100644
index ca29ceeac3..0000000000
Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures2.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures3.png b/windows/client-management/mdm/images/diagnose-mdm-failures3.png
deleted file mode 100644
index 5da5c15077..0000000000
Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures3.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures4.png b/windows/client-management/mdm/images/diagnose-mdm-failures4.png
deleted file mode 100644
index 20b55dcee7..0000000000
Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures4.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures5.png b/windows/client-management/mdm/images/diagnose-mdm-failures5.png
deleted file mode 100644
index 6a3dec9354..0000000000
Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures5.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures6.png b/windows/client-management/mdm/images/diagnose-mdm-failures6.png
deleted file mode 100644
index 5a9647cccd..0000000000
Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures6.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures7.png b/windows/client-management/mdm/images/diagnose-mdm-failures7.png
deleted file mode 100644
index f39af3ccec..0000000000
Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures7.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures8.png b/windows/client-management/mdm/images/diagnose-mdm-failures8.png
deleted file mode 100644
index d066198c59..0000000000
Binary files a/windows/client-management/mdm/images/diagnose-mdm-failures8.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/disk-drive-hardware-id.png b/windows/client-management/mdm/images/disk-drive-hardware-id.png
deleted file mode 100644
index cf8399acf4..0000000000
Binary files a/windows/client-management/mdm/images/disk-drive-hardware-id.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/enterpriseassignedaccess-csp.png b/windows/client-management/mdm/images/enterpriseassignedaccess-csp.png
deleted file mode 100644
index 9febfb37df..0000000000
Binary files a/windows/client-management/mdm/images/enterpriseassignedaccess-csp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/flow-configlock.png b/windows/client-management/mdm/images/flow-configlock.png
deleted file mode 100644
index 4310537887..0000000000
Binary files a/windows/client-management/mdm/images/flow-configlock.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/hardware-ids.png b/windows/client-management/mdm/images/hardware-ids.png
deleted file mode 100644
index 9017f289f6..0000000000
Binary files a/windows/client-management/mdm/images/hardware-ids.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-accountmanagement.png b/windows/client-management/mdm/images/provisioning-csp-accountmanagement.png
deleted file mode 100644
index 1475cb600f..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-accountmanagement.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-accounts.png b/windows/client-management/mdm/images/provisioning-csp-accounts.png
deleted file mode 100644
index ceb90aff58..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-accounts.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-activesync-cp.png b/windows/client-management/mdm/images/provisioning-csp-activesync-cp.png
deleted file mode 100644
index f73fce23b5..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-activesync-cp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-alljoynmanagement.png b/windows/client-management/mdm/images/provisioning-csp-alljoynmanagement.png
deleted file mode 100644
index 8bfe73ca36..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-alljoynmanagement.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png b/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png
deleted file mode 100644
index 012b0b392b..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-applocker.png b/windows/client-management/mdm/images/provisioning-csp-applocker.png
deleted file mode 100644
index 20e46ea2eb..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-applocker.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png b/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png
deleted file mode 100644
index 663f449910..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-bitlocker.png b/windows/client-management/mdm/images/provisioning-csp-bitlocker.png
deleted file mode 100644
index 63ccb6fc89..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-bitlocker.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-bootstrap-cp.png b/windows/client-management/mdm/images/provisioning-csp-bootstrap-cp.png
deleted file mode 100644
index f7ec4f65f7..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-bootstrap-cp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-browserfavorite-cp.png b/windows/client-management/mdm/images/provisioning-csp-browserfavorite-cp.png
deleted file mode 100644
index f79837b683..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-browserfavorite-cp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-cellularsettings.png b/windows/client-management/mdm/images/provisioning-csp-cellularsettings.png
deleted file mode 100644
index c8fbd79761..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-cellularsettings.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-certificatestore.png b/windows/client-management/mdm/images/provisioning-csp-certificatestore.png
deleted file mode 100644
index 291122996d..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-certificatestore.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-cleanpc.png b/windows/client-management/mdm/images/provisioning-csp-cleanpc.png
deleted file mode 100644
index 1b1d0fb613..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-cleanpc.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-clientcertificateinstall.png b/windows/client-management/mdm/images/provisioning-csp-clientcertificateinstall.png
deleted file mode 100644
index 285576269b..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-clientcertificateinstall.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-cm-cellularentries.png b/windows/client-management/mdm/images/provisioning-csp-cm-cellularentries.png
deleted file mode 100644
index 87e5cd25ba..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-cm-cellularentries.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-cm-proxyentries-cp.png b/windows/client-management/mdm/images/provisioning-csp-cm-proxyentries-cp.png
deleted file mode 100644
index 6a1a3c35c2..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-cm-proxyentries-cp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-cmpolicy.png b/windows/client-management/mdm/images/provisioning-csp-cmpolicy.png
deleted file mode 100644
index 71d5c46b33..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-cmpolicy.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-cmpolicyenterprise.png b/windows/client-management/mdm/images/provisioning-csp-cmpolicyenterprise.png
deleted file mode 100644
index 1668606ec0..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-cmpolicyenterprise.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-customdeviceui.png b/windows/client-management/mdm/images/provisioning-csp-customdeviceui.png
deleted file mode 100644
index 0bccee955f..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-customdeviceui.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-defender.png b/windows/client-management/mdm/images/provisioning-csp-defender.png
deleted file mode 100644
index ccf57208df..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-defender.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png b/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png
deleted file mode 100644
index 76df1eafea..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-developersetup.png b/windows/client-management/mdm/images/provisioning-csp-developersetup.png
deleted file mode 100644
index 09793afcf9..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-developersetup.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-deviceinstanceservice.png b/windows/client-management/mdm/images/provisioning-csp-deviceinstanceservice.png
deleted file mode 100644
index c03c7232ac..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-deviceinstanceservice.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-devicelock.png b/windows/client-management/mdm/images/provisioning-csp-devicelock.png
deleted file mode 100644
index f89b1a62aa..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-devicelock.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-devicemanageability.png b/windows/client-management/mdm/images/provisioning-csp-devicemanageability.png
deleted file mode 100644
index 136c240862..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-devicemanageability.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-devicestatus.png b/windows/client-management/mdm/images/provisioning-csp-devicestatus.png
deleted file mode 100644
index 520d58a825..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-devicestatus.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-devinfo-dm.png b/windows/client-management/mdm/images/provisioning-csp-devinfo-dm.png
deleted file mode 100644
index 31487a542f..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-devinfo-dm.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-diagnosticlog.png b/windows/client-management/mdm/images/provisioning-csp-diagnosticlog.png
deleted file mode 100644
index a12415ae84..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-diagnosticlog.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-dmacc-dm.png b/windows/client-management/mdm/images/provisioning-csp-dmacc-dm.png
deleted file mode 100644
index 6c2c9150ee..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-dmacc-dm.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png b/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png
deleted file mode 100644
index 28ae086ef7..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-dmsessionactions.png b/windows/client-management/mdm/images/provisioning-csp-dmsessionactions.png
deleted file mode 100644
index 3333e92249..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-dmsessionactions.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-dynamicmanagement.png b/windows/client-management/mdm/images/provisioning-csp-dynamicmanagement.png
deleted file mode 100644
index fc7e7f12aa..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-dynamicmanagement.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-email2.png b/windows/client-management/mdm/images/provisioning-csp-email2.png
deleted file mode 100644
index 980b403aee..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-email2.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-enrollmentstatustracking.png b/windows/client-management/mdm/images/provisioning-csp-enrollmentstatustracking.png
deleted file mode 100644
index 3025185664..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-enrollmentstatustracking.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-enterpriseapn-rs1.png b/windows/client-management/mdm/images/provisioning-csp-enterpriseapn-rs1.png
deleted file mode 100644
index 33f7471063..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-enterpriseapn-rs1.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-enterpriseappmanagement.png b/windows/client-management/mdm/images/provisioning-csp-enterpriseappmanagement.png
deleted file mode 100644
index bbc01eb24c..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-enterpriseappmanagement.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-enterpriseappvmanagement.png b/windows/client-management/mdm/images/provisioning-csp-enterpriseappvmanagement.png
deleted file mode 100644
index 1650842550..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-enterpriseappvmanagement.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-enterpriseassignedaccess.png b/windows/client-management/mdm/images/provisioning-csp-enterpriseassignedaccess.png
deleted file mode 100644
index 3411096e90..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-enterpriseassignedaccess.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-enterprisedataprotection.png b/windows/client-management/mdm/images/provisioning-csp-enterprisedataprotection.png
deleted file mode 100644
index 960a246a41..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-enterprisedataprotection.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-enterprisedesktopappmanagement.png b/windows/client-management/mdm/images/provisioning-csp-enterprisedesktopappmanagement.png
deleted file mode 100644
index 573749b4ec..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-enterprisedesktopappmanagement.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-enterpriseext.png b/windows/client-management/mdm/images/provisioning-csp-enterpriseext.png
deleted file mode 100644
index 04cf1f18fe..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-enterpriseext.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-enterpriseextfilesystem.png b/windows/client-management/mdm/images/provisioning-csp-enterpriseextfilesystem.png
deleted file mode 100644
index e90fe5ba90..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-enterpriseextfilesystem.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-enterprisemodernappmanagement.png b/windows/client-management/mdm/images/provisioning-csp-enterprisemodernappmanagement.png
deleted file mode 100644
index 4328edcad7..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-enterprisemodernappmanagement.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-euiccs.png b/windows/client-management/mdm/images/provisioning-csp-euiccs.png
deleted file mode 100644
index 387fdae3fb..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-euiccs.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-filesystem-dm.png b/windows/client-management/mdm/images/provisioning-csp-filesystem-dm.png
deleted file mode 100644
index 525159c3b2..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-filesystem-dm.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-firewall.png b/windows/client-management/mdm/images/provisioning-csp-firewall.png
deleted file mode 100644
index 4720e51cd7..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-firewall.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-healthattestation.png b/windows/client-management/mdm/images/provisioning-csp-healthattestation.png
deleted file mode 100644
index 20c1a14566..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-healthattestation.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-hotspot-cp.png b/windows/client-management/mdm/images/provisioning-csp-hotspot-cp.png
deleted file mode 100644
index d3f928a8a7..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-hotspot-cp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-maps.png b/windows/client-management/mdm/images/provisioning-csp-maps.png
deleted file mode 100644
index 2fe7ee311d..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-maps.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-messaging.png b/windows/client-management/mdm/images/provisioning-csp-messaging.png
deleted file mode 100644
index 620476da70..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-messaging.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-multisim.png b/windows/client-management/mdm/images/provisioning-csp-multisim.png
deleted file mode 100644
index 86473079f4..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-multisim.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-nap.png b/windows/client-management/mdm/images/provisioning-csp-nap.png
deleted file mode 100644
index 9af073c7c0..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-nap.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-napdef-cp-2.png b/windows/client-management/mdm/images/provisioning-csp-napdef-cp-2.png
deleted file mode 100644
index 492b973eda..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-napdef-cp-2.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-napdef-cp.png b/windows/client-management/mdm/images/provisioning-csp-napdef-cp.png
deleted file mode 100644
index b62865faf9..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-napdef-cp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-networkproxy.png b/windows/client-management/mdm/images/provisioning-csp-networkproxy.png
deleted file mode 100644
index 23671d20f1..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-networkproxy.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-networkqospolicy.png b/windows/client-management/mdm/images/provisioning-csp-networkqospolicy.png
deleted file mode 100644
index 734c4213ec..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-networkqospolicy.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-nodecache.png b/windows/client-management/mdm/images/provisioning-csp-nodecache.png
deleted file mode 100644
index d46abae93f..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-nodecache.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-office.png b/windows/client-management/mdm/images/provisioning-csp-office.png
deleted file mode 100644
index c6bf90a18a..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-office.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-passportforwork.png b/windows/client-management/mdm/images/provisioning-csp-passportforwork.png
deleted file mode 100644
index 1714a93764..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-passportforwork.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-passportforwork2.png b/windows/client-management/mdm/images/provisioning-csp-passportforwork2.png
deleted file mode 100644
index 92585d5426..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-passportforwork2.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-personalization.png b/windows/client-management/mdm/images/provisioning-csp-personalization.png
deleted file mode 100644
index c64c18ce5c..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-personalization.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-policy.png b/windows/client-management/mdm/images/provisioning-csp-policy.png
deleted file mode 100644
index d44ef30e52..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-policy.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-policymanager.png b/windows/client-management/mdm/images/provisioning-csp-policymanager.png
deleted file mode 100644
index 48d5b056df..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-policymanager.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-provisioning.png b/windows/client-management/mdm/images/provisioning-csp-provisioning.png
deleted file mode 100644
index 8383027916..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-provisioning.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-proxy.png b/windows/client-management/mdm/images/provisioning-csp-proxy.png
deleted file mode 100644
index 471842dbdb..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-proxy.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-pxlogical-cp-2.png b/windows/client-management/mdm/images/provisioning-csp-pxlogical-cp-2.png
deleted file mode 100644
index 19c6b30cf1..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-pxlogical-cp-2.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-pxlogical-cp.png b/windows/client-management/mdm/images/provisioning-csp-pxlogical-cp.png
deleted file mode 100644
index b224a2cdc8..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-pxlogical-cp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-remotefind.png b/windows/client-management/mdm/images/provisioning-csp-remotefind.png
deleted file mode 100644
index 5ef59e1e3a..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-remotefind.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-remotelock.png b/windows/client-management/mdm/images/provisioning-csp-remotelock.png
deleted file mode 100644
index dc7fb40afa..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-remotelock.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-remotering.png b/windows/client-management/mdm/images/provisioning-csp-remotering.png
deleted file mode 100644
index 6cd032f383..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-remotering.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png
deleted file mode 100644
index 73494217f8..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-remotewipe-dmandcp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-reporting.png b/windows/client-management/mdm/images/provisioning-csp-reporting.png
deleted file mode 100644
index 6d2c4695b1..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-reporting.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png b/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png
deleted file mode 100644
index 68672472c3..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-securitypolicy-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-securitypolicy-dmandcp.png
deleted file mode 100644
index b3c09e85e4..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-securitypolicy-dmandcp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-storage.png b/windows/client-management/mdm/images/provisioning-csp-storage.png
deleted file mode 100644
index 072e20e583..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-storage.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png
deleted file mode 100644
index f123d98073..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-surfacehub.png b/windows/client-management/mdm/images/provisioning-csp-surfacehub.png
deleted file mode 100644
index 1e31e34b6e..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-surfacehub.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-tenantlockdown.png b/windows/client-management/mdm/images/provisioning-csp-tenantlockdown.png
deleted file mode 100644
index e788aebb52..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-tenantlockdown.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-tpmpolicy.png b/windows/client-management/mdm/images/provisioning-csp-tpmpolicy.png
deleted file mode 100644
index 8950a1614d..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-tpmpolicy.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-uefi.png b/windows/client-management/mdm/images/provisioning-csp-uefi.png
deleted file mode 100644
index 42adcc7895..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-uefi.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-update.png b/windows/client-management/mdm/images/provisioning-csp-update.png
deleted file mode 100644
index e88466a113..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-update.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-uwf.png b/windows/client-management/mdm/images/provisioning-csp-uwf.png
deleted file mode 100644
index 4f21fd2a03..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-uwf.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-vpn.png b/windows/client-management/mdm/images/provisioning-csp-vpn.png
deleted file mode 100644
index f46b884641..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-vpn.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-vpnv2.png b/windows/client-management/mdm/images/provisioning-csp-vpnv2.png
deleted file mode 100644
index 09c27e0e12..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-vpnv2.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-w4-application-cp.png b/windows/client-management/mdm/images/provisioning-csp-w4-application-cp.png
deleted file mode 100644
index b6c9e3bd8f..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-w4-application-cp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-w7-application-dm.png b/windows/client-management/mdm/images/provisioning-csp-w7-application-dm.png
deleted file mode 100644
index 78cfe00a0e..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-w7-application-dm.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-watp.png b/windows/client-management/mdm/images/provisioning-csp-watp.png
deleted file mode 100644
index 7ce8a10a78..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-watp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-wifi.png b/windows/client-management/mdm/images/provisioning-csp-wifi.png
deleted file mode 100644
index 28f5080466..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-wifi.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-win32appinventory.png b/windows/client-management/mdm/images/provisioning-csp-win32appinventory.png
deleted file mode 100644
index 9ce9119d77..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-win32appinventory.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-win32compatibilityappraiser.png b/windows/client-management/mdm/images/provisioning-csp-win32compatibilityappraiser.png
deleted file mode 100644
index a15961bbcc..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-win32compatibilityappraiser.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png b/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png
deleted file mode 100644
index 5896b7c1df..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-windowslicensing.png b/windows/client-management/mdm/images/provisioning-csp-windowslicensing.png
deleted file mode 100644
index 07ca4f9982..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-windowslicensing.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-windowssecurityauditing.png b/windows/client-management/mdm/images/provisioning-csp-windowssecurityauditing.png
deleted file mode 100644
index fe0baef545..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-windowssecurityauditing.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-wirednetwork.png b/windows/client-management/mdm/images/provisioning-csp-wirednetwork.png
deleted file mode 100644
index 2fd93631ff..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-csp-wirednetwork.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-customcsp-example1.png b/windows/client-management/mdm/images/provisioning-customcsp-example1.png
deleted file mode 100644
index 5c1fba7347..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-customcsp-example1.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/provisioning-customcsp-example2.png b/windows/client-management/mdm/images/provisioning-customcsp-example2.png
deleted file mode 100644
index 3f45c8ca1f..0000000000
Binary files a/windows/client-management/mdm/images/provisioning-customcsp-example2.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/reboot-csp.png b/windows/client-management/mdm/images/reboot-csp.png
deleted file mode 100644
index 3779d5fcd6..0000000000
Binary files a/windows/client-management/mdm/images/reboot-csp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/secureassessment-csp.png b/windows/client-management/mdm/images/secureassessment-csp.png
deleted file mode 100644
index 9538f31626..0000000000
Binary files a/windows/client-management/mdm/images/secureassessment-csp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/sharedpc-csp.png b/windows/client-management/mdm/images/sharedpc-csp.png
deleted file mode 100644
index 3491643287..0000000000
Binary files a/windows/client-management/mdm/images/sharedpc-csp.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-21.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-21.png
deleted file mode 100644
index ca53b739d5..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-21.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-22.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-22.png
deleted file mode 100644
index e0686385c0..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-22.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-23.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-23.png
deleted file mode 100644
index b7b5659cdc..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-23.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-24.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-24.png
deleted file mode 100644
index 79c4cd6bf4..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-24.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-25.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-25.png
deleted file mode 100644
index 451edd5207..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-25.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-33.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-33.png
deleted file mode 100644
index e46a66db99..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-33.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-34.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-34.png
deleted file mode 100644
index 28bccd8d04..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-34.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-35.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-35.png
deleted file mode 100644
index 808a093cdc..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-35.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-36.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-36.png
deleted file mode 100644
index 4f64e04263..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-36.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-37-b.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-37-b.png
deleted file mode 100644
index 304bf8aa0b..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-37-b.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/unifiedenrollment-rs1-37.png b/windows/client-management/mdm/images/unifiedenrollment-rs1-37.png
deleted file mode 100644
index ef30e3dddf..0000000000
Binary files a/windows/client-management/mdm/images/unifiedenrollment-rs1-37.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/update-policies.png b/windows/client-management/mdm/images/update-policies.png
deleted file mode 100644
index af72edd294..0000000000
Binary files a/windows/client-management/mdm/images/update-policies.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update.png b/windows/client-management/mdm/images/windowsembedded-update.png
deleted file mode 100644
index 1a1eaa7c64..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update10.png b/windows/client-management/mdm/images/windowsembedded-update10.png
deleted file mode 100644
index aae3534dfd..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update10.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update11.png b/windows/client-management/mdm/images/windowsembedded-update11.png
deleted file mode 100644
index 74a747adf4..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update11.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update12.png b/windows/client-management/mdm/images/windowsembedded-update12.png
deleted file mode 100644
index 5279b02c64..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update12.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update13.png b/windows/client-management/mdm/images/windowsembedded-update13.png
deleted file mode 100644
index dfa15a35e3..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update13.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update14.png b/windows/client-management/mdm/images/windowsembedded-update14.png
deleted file mode 100644
index 58417d2ca4..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update14.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update15.png b/windows/client-management/mdm/images/windowsembedded-update15.png
deleted file mode 100644
index 2a234c3c41..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update15.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update16.png b/windows/client-management/mdm/images/windowsembedded-update16.png
deleted file mode 100644
index d5833c233f..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update16.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update17.png b/windows/client-management/mdm/images/windowsembedded-update17.png
deleted file mode 100644
index b4cd548cca..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update17.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update18.png b/windows/client-management/mdm/images/windowsembedded-update18.png
deleted file mode 100644
index 58c4d1c93f..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update18.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update19.png b/windows/client-management/mdm/images/windowsembedded-update19.png
deleted file mode 100644
index 7684ebabd5..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update19.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update2.png b/windows/client-management/mdm/images/windowsembedded-update2.png
deleted file mode 100644
index 71b47fca43..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update2.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update21.png b/windows/client-management/mdm/images/windowsembedded-update21.png
deleted file mode 100644
index fdf72a8ca3..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update21.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update22.png b/windows/client-management/mdm/images/windowsembedded-update22.png
deleted file mode 100644
index 9e677907a6..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update22.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update23.png b/windows/client-management/mdm/images/windowsembedded-update23.png
deleted file mode 100644
index f41ea8efda..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update23.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update3.png b/windows/client-management/mdm/images/windowsembedded-update3.png
deleted file mode 100644
index 1d69407fd3..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update3.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update4.png b/windows/client-management/mdm/images/windowsembedded-update4.png
deleted file mode 100644
index 0d5c96a2cc..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update4.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update5.png b/windows/client-management/mdm/images/windowsembedded-update5.png
deleted file mode 100644
index 18b0ac7828..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update5.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update6.png b/windows/client-management/mdm/images/windowsembedded-update6.png
deleted file mode 100644
index 37a8b2ebe4..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update6.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update7.png b/windows/client-management/mdm/images/windowsembedded-update7.png
deleted file mode 100644
index a38954e8c6..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update7.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update8.png b/windows/client-management/mdm/images/windowsembedded-update8.png
deleted file mode 100644
index 0a99c6bcae..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update8.png and /dev/null differ
diff --git a/windows/client-management/mdm/images/windowsembedded-update9.png b/windows/client-management/mdm/images/windowsembedded-update9.png
deleted file mode 100644
index 3d6780497d..0000000000
Binary files a/windows/client-management/mdm/images/windowsembedded-update9.png and /dev/null differ
diff --git a/windows/client-management/mdm/index.yml b/windows/client-management/mdm/index.yml
index 93540583f5..fe657489a9 100644
--- a/windows/client-management/mdm/index.yml
+++ b/windows/client-management/mdm/index.yml
@@ -1,11 +1,11 @@
### YamlMime:Landing
-title: Mobile Device Management # < 60 chars
-summary: Find out how to enroll Windows devices and manage company security policies and business applications. # < 160 chars
+title: Configuration Service Provider # < 60 chars
+summary: Learn more about the configuration service provider (CSP) policies available on Windows 10 and Windows 11. # < 160 chars
metadata:
- title: Mobile Device Management # Required; page title displayed in search results. Include the brand. < 60 chars.
- description: Find out how to enroll Windows devices and manage company security policies and business applications. # Required; article description that is displayed in search results. < 160 chars.
+ title: Configuration Service Provider # Required; page title displayed in search results. Include the brand. < 60 chars.
+ description: Learn more about the configuration service provider (CSP) policies available on Windows 10 and Windows 11. # Required; article description that is displayed in search results. < 160 chars.
ms.topic: landing-page # Required
services: windows-10
ms.prod: windows
@@ -24,56 +24,46 @@ metadata:
landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
- # Card (optional)
- - title: Device enrollment
- linkLists:
- - linkListType: overview
- links:
- - text: Mobile device enrollment
- url: mobile-device-enrollment.md
- - linkListType: concept
- links:
- - text: Enroll Windows devices
- url: mdm-enrollment-of-windows-devices.md
- - text: Automatic enrollment using Azure AD
- url: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
- - text: Automatic enrollment using Group Policy
- url: enroll-a-windows-10-device-automatically-using-group-policy.md
- - text: Bulk enrollment
- url: bulk-enrollment-using-windows-provisioning-tool.md
# Card (optional)
- - title: Device management
+ - title: Configuration service provider reference
linkLists:
- - linkListType: overview
+ - linkListType: reference
links:
- - text: Enterprise settings, policies, and app management
- url: windows-mdm-enterprise-settings.md
- - linkListType: concept
- links:
- - text: Enterprise app management
- url: enterprise-app-management.md
- - text: Device updates management
- url: device-update-management.md
- - text: Secured-core PC configuration lock
- url: config-lock.md
- - text: Diagnose MDM failures
- url: diagnose-mdm-failures-in-windows-10.md
+ - text: Support scenarios
+ url: configuration-service-provider-support.md
+ - text: Device description framework (DDF) files
+ url: configuration-service-provider-ddf.md
+ - text: BitLocker CSP
+ url: bitlocker-csp.md
+ - text: DynamicManagement CSP
+ url: dynamicmanagement-csp.md
+
# Card (optional)
- - title: CSP reference
+ - title: Policy CSP
linkLists:
- - linkListType: overview
- links:
- - text: Configuration service provider reference
- url: configuration-service-provider-reference.md
- linkListType: reference
links:
- text: Policy CSP
url: policy-configuration-service-provider.md
+ - text: Policy DDF file
+ url: policy-ddf-file.md
+ - text: Policy CSP - Start
+ url: policy-csp-start.md
- text: Policy CSP - Update
url: policy-csp-update.md
- - text: DynamicManagement CSP
- url: dynamicmanagement-csp.md
- - text: BitLocker CSP
- url: bitlocker-csp.md
+
+ # Card (optional)
+ - title: Policy CSP support scenarios
+ linkLists:
+ - linkListType: reference
+ links:
+ - text: ADMX policies
+ url: policies-in-policy-csp-admx-backed.md
+ - text: Policies supported by group policy
+ url: policies-in-policy-csp-supported-by-group-policy.md
+ - text: Policies supported by HoloLens 2
+ url: policies-in-policy-csp-supported-by-hololens2.md
+ - text: Policies supported by Microsoft Surface Hub
+ url: policies-in-policy-csp-supported-by-surface-hub.md
\ No newline at end of file
diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md
new file mode 100644
index 0000000000..9c383468c7
--- /dev/null
+++ b/windows/client-management/mdm/laps-csp.md
@@ -0,0 +1,765 @@
+---
+title: Local Administrator Password Solution CSP
+description: Learn how the Local Administrator Password Solution configuration service provider (CSP) is used by the enterprise to manage backup of local administrator account passwords.
+ms.author: jsimmons
+author: jay98014
+ms.reviewer: vinpa
+manager: aaroncz
+ms.topic: reference
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.localizationpriority: medium
+ms.date: 09/20/2022
+---
+
+# Local Administrator Password Solution CSP
+
+The Local Administrator Password Solution (LAPS) configuration service provider (CSP) is used by the enterprise to manage back up of local administrator account passwords. This CSP was added in Windows 11 as of version 25145.
+
+> [!IMPORTANT]
+> Windows LAPS is currently only available in Windows Insider builds as of 25145 and later. Support for the Windows LAPS Azure AD scenario is currently limited to a small group of Windows Insiders.
+
+> [!TIP]
+> This article covers the specific technical details of the LAPS CSP. For more information about the scenarios in which the LAPS CSP would be used, see [Windows Local Administrator Password Solution](/windows-server/identity/laps/laps).
+
+The following example shows the LAPS CSP in tree format.
+
+```xml
+./Device/Vendor/MSFT
+LAPS
+----Policies
+--------BackupDirectory
+--------PasswordAgeDays
+--------PasswordLength
+--------PasswordComplexity
+--------PasswordExpirationProtectionEnabled
+--------AdministratorAccountName
+--------ADPasswordEncryptionEnabled
+--------ADPasswordEncryptionPrincipal
+--------ADEncryptedPasswordHistorySize
+--------PostAuthenticationResetDelay
+--------PostAuthenticationActions
+----Actions
+--------ResetPassword
+--------ResetPasswordStatus
+```
+
+The LAPS CSP can be used to manage devices that are either joined to Azure AD or joined to both Azure AD and Active Directory (hybrid-joined). The LAPS CSP manages a mix of AAD-only and AD-only settings. The AD-only settings are only applicable for hybrid-joined devices, and then only when BackupDirectory is set to 2.
+
+|Setting name|Azure-joined|Hybrid-joined|
+|---|---|---|
+|BackupDirectory|Yes|Yes
+|PasswordAgeDays|Yes|Yes
+|PasswordLength|Yes|Yes|
+|PasswordComplexity|Yes|Yes|
+|PasswordExpirationProtectionEnabled|No|Yes|
+|AdministratorAccountName|Yes|Yes|
+|ADPasswordEncryptionEnabled|No|Yes|
+|ADPasswordEncryptionPrincipal|No|Yes|
+|ADEncryptedPasswordHistorySize|No|Yes|
+|PostAuthenticationResetDelay|Yes|Yes|
+|PostAuthenticationActions|Yes|Yes|
+|ResetPassword|Yes|Yes|
+|ResetPasswordStatus|Yes|Yes|
+
+> [!IMPORTANT]
+> Windows supports a LAPS Group Policy Object that is entirely separate from the LAPS CSP. Many of the various settings are common across both the LAPS GPO and CSP (GPO does not support any of the Action-related settings). As long as at least one LAPS setting is configured via CSP, any GPO-configured settings will be ignored. Also see the TBD reference on LAPS policy configuration.
+
+## ./Device/Vendor/MSFT/LAPS
+
+Defines the root node for the LAPS CSP.
+
+
+### Policies
+
+Defines the interior parent node for all configuration-related settings in the LAPS CSP.
+
+
+
+### BackupDirectory
+
+Allows the administrator to configure which directory the local administrator account password is backed up to.
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+Data type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+
+The allowable settings are:
+
+|Value|Description of setting|
+|--- |--- |
+|0|Disabled (password won't be backed up)|
+|1|Back up the password to Azure AD only|
+|2|Back up the password to Active Directory only|
+
+If not specified, this setting will default to 0 (disabled).
+
+
+
+
+### PasswordAgeDays
+
+Use this policy to configure the maximum password age of the managed local administrator account.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+If not specified, this setting will default to 30 days
+
+This setting has a minimum allowed value of 1 day when backing the password to on-premises Active Directory, and 7 days when backing the password Azure AD.
+
+This setting has a maximum allowed value of 365 days.
+
+
+Data type is integer.
+
+Supported operations are Add, Get, Replace, and Delete.
+
+
+
+### PasswordComplexity
+
+Use this setting to configure password complexity of the managed local administrator account.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+The allowable settings are:
+
+|Value|Description of setting|
+|--- |--- |
+|1|Large letters|
+|2|Large letters + small letters|
+|3|Large letters + small letters + numbers|
+|4|Large letters + small letters + numbers + special characters|
+
+
+If not specified, this setting will default to 4.
+
+> [!IMPORTANT]
+> Windows supports the lower password complexity settings (1, 2, and 3) only for backwards compatibility with older versions of LAPS. Microsoft recommends that this setting always be configured to 4.
+
+
+Data type is integer.
+
+Supported operations are Add, Get, Replace, and Delete.
+
+
+
+### PasswordLength
+
+Use this setting to configure the length of the password of the managed local administrator account.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+If not specified, this setting will default to 14 characters.
+
+This setting has a minimum allowed value of 8 characters.
+
+This setting has a maximum allowed value of 64 characters.
+
+
+Data type is integer.
+
+Supported operations are Add, Get, Replace, and Delete.
+
+
+
+### AdministratorAccountName
+
+Use this setting to configure the name of the managed local administrator account.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+If not specified, the default built-in local administrator account will be located by well-known SID (even if renamed).
+
+If specified, the specified account's password will be managed.
+
+> [!IMPORTANT]
+> If a custom account name is specified in this setting, the specified account must be created via other means. Specifying a name in this setting will not cause the account to be created.
+
+
+Data type is string.
+
+Supported operations are Add, Get, Replace, and Delete.
+
+
+
+### PasswordExpirationProtectionEnabled
+
+Use this setting to configure enforcement of maximum password age for the managed local administrator account.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+When this setting is set to True, planned password expiration that would result in a password age greater than what is specified by the "PasswordAgeDays" policy is NOT allowed. When such expiration is detected, the password is changed immediately, and the new password expiration date is set according to policy.
+
+If not specified, this setting defaults to True.
+
+> [!IMPORTANT]
+> This setting is ignored unless BackupDirectory is configured to back up the password to Active Directory.
+
+
+Data type is boolean.
+
+Supported operations are Add, Get, Replace, and Delete.
+
+
+
+### ADPasswordEncryptionEnabled
+
+Use this setting to configure whether the password is encrypted before being stored in Active Directory.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+This setting is ignored if the password is currently being stored in Azure.
+
+If this setting is set to True, and the Active Directory domain meets the 2016 DFL prerequisite, the password is encrypted before being stored in Active Directory.
+
+If this setting is missing or set to False, or the Active Directory domain doesn't meet the DFL prerequisite, the password is stored as clear-text in Active Directory.
+
+If not specified, this setting defaults to False.
+> [!IMPORTANT]
+> This setting is ignored unless BackupDirectory is configured to back up the password to Active Directory, AND the the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher.
+
+
+Data type is boolean.
+
+Supported operations are Add, Get, Replace, and Delete.
+
+
+
+### ADPasswordEncryptionPrincipal
+
+Use this setting to configure the name or SID of a user or group that can decrypt the password stored in Active Directory.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+This setting is ignored if the password is currently being stored in Azure.
+
+If not specified, the password can only be decrypted by the Domain Admins group in the device's domain.
+
+If specified, the specified user or group will be able to decrypt the password stored in Active Directory.
+
+If the specified user or group account is invalid the device will fall back to using the Domain Admins group in the device's domain.
+> [!IMPORTANT]
+> The string stored in this setting must be either a SID in string form or the fully qualified name of a user or group. Valid examples include:
+>
+> "S-1-5-21-2127521184-1604012920-1887927527-35197"
+>
+> "contoso\LAPSAdmins"
+>
+> "lapsadmins@contoso.com"
+>
+> The principal identified (either by SID or user\group name) must exist and be resolvable by the device.
+
+> [!IMPORTANT]
+> This setting is ignored unless ADPasswordEncryptionEnabled is configured to True and all other prerequisites are met.
+
+
+Data type is string.
+
+Supported operations are Add, Get, Replace, and Delete.
+
+
+
+### ADEncryptedPasswordHistorySize
+
+Use this setting to configure how many previous encrypted passwords will be remembered in Active Directory.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+If not specified, this setting will default to 0 passwords (disabled).
+
+This setting has a minimum allowed value of 0 passwords.
+
+This setting has a maximum allowed value of 12 passwords.
+
+> [!IMPORTANT]
+> This setting is ignored unless ADPasswordEncryptionEnabled is configured to True and all other prerequisites are met.
+
+
+Data type is integer.
+
+Supported operations are Add, Get, Replace, and Delete.
+
+
+
+### PostAuthenticationResetDelay
+
+Use this setting to specify the amount of time (in hours) to wait after an authentication before executing the specified post-authentication actions (see the PostAuthenticationActions setting below).
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+If not specified, this setting will default to 24 hours.
+
+This setting has a minimum allowed value of 0 hours (this disables all post-authentication actions).
+
+This setting has a maximum allowed value of 24 hours.
+
+
+Data type is integer.
+
+Supported operations are Add, Get, Replace, and Delete.
+
+
+
+### PostAuthenticationActions
+
+Use this setting to specify the actions to take upon expiration of the configured grace period (see the PostAuthenticationResetDelay setting above).
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+This setting can have ONE of the following values:
+
+|Value|Name|Action(s) taken upon expiry of the grace period|
+|--- |--- |--- |
+|1|Reset password|The managed account password will be reset|
+|3|Reset password and log off|The managed account password will be reset and any interactive logon sessions using the managed account will be terminated|
+|5|Reset password and reboot|The managed account password will be reset and the managed device will be immediately rebooted.|
+
+If not specified, this setting will default to 3.
+
+> [!IMPORTANT]
+> The allowed post-authentication actions are intended to help limit the amount of time that a LAPS password may be used before being reset. Logging off the managed account - or rebooting the device - are options to help ensure this. Abrupt termination of logon sessions, or rebooting the device, may result in data loss.
+
+> [!IMPORTANT]
+> From a security perspective, a malicious user who acquires administrative privileges on a device using a valid LAPS password does have the ultimate ability to prevent or circumvent these mechanisms.
+
+
+Data type is integer.
+
+Supported operations are Add, Get, Replace, and Delete.
+
+
+
+## Actions
+
+Defines the parent interior node for all action-related settings in the LAPS CSP.
+
+
+
+### ResetPassword
+
+Use this Execute action to request an immediate reset of the local administrator account password, ignoring the normal constraints such as PasswordLengthDays, etc.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+
+
+
+Data type is integer.
+
+Supported operations are Execute.
+
+
+
+### ResetPasswordStatus
+
+Use this setting to query the status of the last submitted ResetPassword action.
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|Yes|
+|Pro|No|Yes|
+|Business|No|Yes|
+|Enterprise|No|Yes|
+|Education|No|Yes|
+
+
+
+The value returned is an HRESULT code.
+
+S_OK (0x0) - the last submitted ResetPassword action succeeded.
+
+E_PENDING (0x8000000) - the last submitted ResetPassword action is still executing.
+
+other - the last submitted ResetPassword action encountered the returned error.
+
+
+Data type is integer.
+
+Supported operations are Get.
+
+
+### SyncML examples
+
+The following examples are provided to show proper format and shouldn't be taken as a recommendation.
+
+#### Azure-joined device backing password up to Azure AD
+
+This example is configuring an Azure-joined device to back up its password to Azure Active Directory:
+
+```xml
+
+
+
+ 1
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/BackupDirectory
+
+
+ int
+ text/plain
+
+ 1
+
+
+
+ 2
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/PasswordAgeDays
+
+
+ int
+ text/plain
+
+ 7
+
+
+
+ 3
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/PasswordComplexity
+
+
+ int
+ text/plain
+
+ 4
+
+
+
+ 4
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/PasswordLength
+
+
+ int
+ text/plain
+
+ 32
+
+
+
+ 5
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/AdministratorAccountName
+
+
+ chr
+ text/plain
+
+ ContosoLocalLapsAdmin
+
+
+
+ 6
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/PostAuthenticationResetDelay
+
+
+ int
+ text/plain
+
+ 8
+
+
+
+ 7
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/PostAuthenticationActions
+
+
+ int
+ text/plain
+
+ 3
+
+ <Final/>
+
+```
+
+#### Hybrid-joined device backing password up to Active Directory
+
+This example is configuring a hybrid device to back up its password to Active Directory with password encryption enabled:
+
+```xml
+
+
+
+ 1
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/BackupDirectory
+
+
+ int
+ text/plain
+
+ 2
+
+
+
+ 2
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/PasswordAgeDays
+
+
+ int
+ text/plain
+
+ 20
+
+
+
+ 3
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/PasswordComplexity
+
+
+ int
+ text/plain
+
+ 3
+
+
+
+ 4
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/PasswordLength
+
+
+ int
+ text/plain
+
+ 14
+
+
+
+ 5
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/AdministratorAccountName
+
+
+ chr
+ text/plain
+
+ ContosoLocalLapsAdmin
+
+
+
+ 6
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/PasswordExpirationProtectionEnabled
+
+
+ bool
+ text/plain
+
+ True
+
+
+
+ 7
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/ADPasswordEncryptionEnabled
+
+
+ bool
+ text/plain
+
+ True
+
+
+
+ 8
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/ADPasswordEncryptionPrincipal
+
+
+ chr
+ text/plain
+
+ LAPSAdmins@contoso.com
+
+
+
+ 9
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/ADEncryptedPasswordHistorySize
+
+
+ int
+ text/plain
+
+ 6
+
+
+
+ 10
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/PostAuthenticationResetDelay
+
+
+ int
+ text/plain
+
+ 4
+
+
+
+ 11
+
+
+ ./Device/Vendor/MSFT/LAPS/Policies/PostAuthenticationActions
+
+
+ int
+ text/plain
+
+ 5
+
+ <Final/>
+
+```
+
+## Related articles
+
+[Configuration service provider reference](index.yml)
+
+[Windows LAPS](/windows-server/identity/laps/laps)
diff --git a/windows/client-management/mdm/laps-ddf-file.md b/windows/client-management/mdm/laps-ddf-file.md
new file mode 100644
index 0000000000..b5ba239a7a
--- /dev/null
+++ b/windows/client-management/mdm/laps-ddf-file.md
@@ -0,0 +1,654 @@
+---
+title: LAPS DDF file
+description: Learn about the OMA DM device description framework (DDF) for the Local Administrator Password Solution configuration service provider.
+ms.author: jsimmons
+ms.topic: article
+ms.prod: windows-client
+ms.technology: itpro-manage
+author: jsimmons
+ms.localizationpriority: medium
+ms.date: 07/04/2022
+ms.reviewer: jsimmons
+manager: jsimmons
+---
+
+# Local Administrator Password Solution DDF file
+
+This article shows the OMA DM device description framework (DDF) for the Local Administrator Password Solution (LAPS) configuration service provider.
+
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
+
+The XML below is the current version for this CSP.
+
+```xml
+
+
+
+
+ 1.2
+ "%windir%\system32\LapsCSP.dll
+
+ {298a6f17-03e7-4bd4-971c-544f359527b7}
+
+ LAPS
+ ./Device/Vendor/MSFT
+
+
+
+
+ The root node for the LAPS configuration service provider.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 99.9.99999
+ 1.0
+
+
+
+
+
+
+ Policies
+
+
+
+
+ Root node for LAPS policies.
+
+
+
+
+
+
+
+
+
+ Policies
+
+
+
+
+
+
+ BackupDirectory
+
+
+
+
+
+
+
+ 0
+ Use this setting to configure which directory the local admin account password is backed up to.
+
+The allowable settings are:
+
+0=Disabled (password will not be backed up)
+1=Backup the password to Azure AD only
+2=Backup the password to Active Directory only
+
+If not specified, this setting will default to 0.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+ 0
+ Disabled (password will not be backed up)
+
+
+ 1
+ Backup the password to Azure AD only
+
+
+ 2
+ Backup the password to Active Directory only
+
+
+
+
+
+ PasswordAgeDays
+
+
+
+
+
+
+
+ 30
+ Use this policy to configure the maximum password age of the managed local administrator account.
+
+If not specified, this setting will default to 30 days
+
+This setting has a minimum allowed value of 1 day when backing the password to onpremises Active Directory, and 7 days when backing the password to Azure AD.
+
+This setting has a maximum allowed value of 365 days.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ [1-365]
+
+
+
+
+ [7-365]
+
+
+ Vendor/MSFT/LAPS/Policies/BackupDirectory
+
+
+ 1
+ BackupDirectory configured to Azure AD
+
+
+
+
+
+
+
+
+ PasswordComplexity
+
+
+
+
+
+
+
+ 4
+ Use this setting to configure password complexity of the managed local administrator account.
+
+The allowable settings are:
+
+1=Large letters
+2=Large letters + small letters
+3=Large letters + small letters + numbers
+4=Large letters + small letters + numbers + special characters
+
+If not specified, this setting will default to 4.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+ 1
+ Large letters
+
+
+ 2
+ Large letters + small letters
+
+
+ 3
+ Large letters + small letters + numbers
+
+
+ 4
+ Large letters + small letters + numbers + special characters
+
+
+
+
+
+ PasswordLength
+
+
+
+
+
+
+
+ 14
+ Use this setting to configure the length of the password of the managed local administrator account.
+
+If not specified, this setting will default to 14 characters.
+
+This setting has a minimum allowed value of 8 characters.
+
+This setting has a maximum allowed value of 64 characters.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ [8-64]
+
+
+
+
+ AdministratorAccountName
+
+
+
+
+
+
+
+ Use this setting to configure the name of the managed local administrator account.
+
+If not specified, the default built-in local administrator account will be located by well-known SID (even if renamed).
+
+If specified, the specified account's password will be managed.
+
+Note: if a custom managed local administrator account name is specified in this setting, that account must be created via other means. Specifying a name in this setting will not cause the account to be created.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ PasswordExpirationProtectionEnabled
+
+
+
+
+
+
+
+ True
+ Use this setting to configure additional enforcement of maximum password age for the managed local administrator account.
+
+When this setting is enabled, planned password expiration that would result in a password age greater than that dictated by "PasswordAgeDays" policy is NOT allowed. When such expiration is detected, the password is changed immediately and the new password expiration date is set according to policy.
+
+If not specified, this setting defaults to True.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+ false
+ Allow configured password expiriration timestamp to exceed maximum password age
+
+
+ true
+ Do not allow configured password expiriration timestamp to exceed maximum password age
+
+
+
+
+
+ Vendor/MSFT/LAPS/Policies/BackupDirectory
+
+
+ 2
+ BackupDirectory configured to Active Directory
+
+
+
+
+
+
+
+
+ ADPasswordEncryptionEnabled
+
+
+
+
+
+
+
+ False
+ Use this setting to configure whether the password is encrypted before being stored in Active Directory.
+
+This setting is ignored if the password is currently being stored in Azure.
+
+This setting is only honored when the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher.
+
+If this setting is enabled, and the Active Directory domain meets the DFL prerequisite, the password will be encrypted before before being stored in Active Directory.
+
+If this setting is disabled, or the Active Directory domain does not meet the DFL prerequisite, the password will be stored as clear-text in Active Directory.
+
+If not specified, this setting defaults to False.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+ false
+ Store the password in clear-text form in Active Directory
+
+
+ true
+ Store the password in encrypted form in Active Directory
+
+
+
+
+
+ Vendor/MSFT/LAPS/Policies/BackupDirectory
+
+
+ 2
+ BackupDirectory configured to Active Directory
+
+
+
+
+
+
+
+
+ ADPasswordEncryptionPrincipal
+
+
+
+
+
+
+
+ Use this setting to configure the name or SID of a user or group that can decrypt the password stored in Active Directory.
+
+This setting is ignored if the password is currently being stored in Azure.
+
+If not specified, the password will be decryptable by the Domain Admins group in the device's domain.
+
+If specified, the specified user or group will be able to decrypt the password stored in Active Directory.
+
+If the specified user or group account is invalid the device will fallback to using the Domain Admins group in the device's domain.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Vendor/MSFT/LAPS/Policies/BackupDirectory
+
+
+ 2
+ BackupDirectory configured to Active Directory
+
+
+
+
+
+
+
+
+ ADEncryptedPasswordHistorySize
+
+
+
+
+
+
+
+ 0
+ Use this setting to configure how many previous encrypted passwords will be remembered in Active Directory.
+
+If not specified, this setting will default to 0 passwords (disabled).
+
+This setting has a minimum allowed value of 0 passwords.
+
+This setting has a maximum allowed value of 12 passwords.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ [0-12]
+
+
+
+
+ Vendor/MSFT/LAPS/Policies/BackupDirectory
+
+
+ 2
+ BackupDirectory configured to Active Directory
+
+
+
+
+
+
+
+
+ PostAuthenticationResetDelay
+
+
+
+
+
+
+
+ 24
+ Use this setting to specify the amount of time (in hours) to wait after an authentication before executing the specified post-authentication actions.
+
+ If not specified, this setting will default to 24 hours.
+
+ This setting has a minimum allowed value of 0 hours (this disables all post-authentication actions).
+
+ This setting has a maximum allowed value of 24 hours.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ [0-24]
+
+
+
+
+ PostAuthenticationActions
+
+
+
+
+
+
+
+ 3
+ Use this setting to specify the actions to take upon expiration of the configured grace period.
+
+If not specified, this setting will default to 3 (Reset the password and logoff the managed account).
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+ 1
+ Reset password: upon expiry of the grace period, the managed account password will be reset.
+
+
+ 3
+ Reset the password and logoff the managed account: upon expiry of the grace period, the managed account password will be reset and any interactive logon sessions using the managed account will terminated.
+
+
+ 5
+ Reset the password and reboot: upon expiry of the grace period, the managed account password will be reset and the managed device will be immediately rebooted.
+
+
+
+
+
+
+ Actions
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Actions
+
+
+
+
+
+ ResetPassword
+
+
+
+
+ Use this setting to tell the CSP to immediately generate and store a new password for the managed local administrator account.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ ResetPasswordStatus
+
+
+
+
+ 0
+ Use this setting to query the status of the last submitted ResetPassword execute action.
+
+
+
+
+
+
+
+
+
+ ResetPasswordStatus
+
+ text/plain
+
+
+
+
+
+
+
+
+```
+
+## Related articles
+
+[LAPS configuration service provider](laps-csp.md)
diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md
index 0042735b48..dad200f3b6 100644
--- a/windows/client-management/mdm/multisim-csp.md
+++ b/windows/client-management/mdm/multisim-csp.md
@@ -3,15 +3,15 @@ title: MultiSIM CSP
description: MultiSIM configuration service provider (CSP) allows the enterprise to manage devices with dual SIM single active configuration.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 03/22/2018
ms.reviewer:
manager: aaroncz
---
-# MultiSIM CSP
+# MultiSIM CSP
The table below shows the applicability of Windows:
@@ -43,52 +43,52 @@ MultiSIM
--------Policies
------------SlotSelectionEnabled
```
-**./Device/Vendor/MSFT/MultiSIM**
+**./Device/Vendor/MSFT/MultiSIM**
Root node.
-**_ModemID_**
+**_ModemID_**
Node representing a Mobile Broadband Modem. The node name is the modem ID. Modem ID is a GUID without curly braces, with exception of "Embedded" which represents the embedded modem.
-**_ModemID_/Identifier**
+**_ModemID_/Identifier**
Modem ID.
Supported operation is Get. Value type is string.
-**_ModemID_/IsEmbedded**
+**_ModemID_/IsEmbedded**
Indicates whether this modem is embedded or external.
Supported operation is Get. Value type is bool.
-**_ModemID_/Slots**
+**_ModemID_/Slots**
Represents all SIM slots in the Modem.
-**_ModemID_/Slots/_SlotID_**
+**_ModemID_/Slots/_SlotID_**
Node representing a SIM Slot. The node name is the Slot ID. SIM Slot ID format is "0", "1", etc., with exception of "Embedded" which represents the embedded Slot.
-**_ModemID_/Slots/_SlotID_/Identifier**
+**_ModemID_/Slots/_SlotID_/Identifier**
Slot ID.
Supported operation is Get. Value type is integer.
-**_ModemID_/Slots/_SlotID_/IsEmbedded**
+**_ModemID_/Slots/_SlotID_/IsEmbedded**
Indicates whether this Slot is embedded or a physical SIM slot.
Supported operation is Get. Value type is bool.
-**_ModemID_/Slots/_SlotID_/IsSelected**
+**_ModemID_/Slots/_SlotID_/IsSelected**
Indicates whether this Slot is selected or not.
Supported operation is Get and Replace. Value type is bool.
-**_ModemID_/Slots/_SlotID_/State**
+**_ModemID_/Slots/_SlotID_/State**
Slot state (Unknown = 0, OffEmpty = 1, Off = 2, Empty = 3, NotReady = 4, Active = 5, Error = 6, ActiveEsim = 7, ActiveEsimNoProfile = 8)
Supported operation is Get. Value type is integer.
-**_ModemID_/Policies**
+**_ModemID_/Policies**
Policies associated with the Modem.
-**_ModemID_/Policies/SlotSelectionEnabled**
+**_ModemID_/Policies/SlotSelectionEnabled**
Determines whether the user is allowed to change slots in the Cellular settings UI. Default is true.
Supported operation is Get and Replace. Value type is bool.
@@ -109,7 +109,7 @@ Get modem
-
+
```
@@ -128,7 +128,7 @@ Get slots
-
+
```
@@ -147,7 +147,7 @@ Get slot state
-
+
```
@@ -171,7 +171,7 @@ Select slot
true
-
+
```
diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md
index 662c3e0384..492326bc04 100644
--- a/windows/client-management/mdm/multisim-ddf.md
+++ b/windows/client-management/mdm/multisim-ddf.md
@@ -3,8 +3,8 @@ title: MultiSIM DDF file
description: XML file containing the device description framework for the MultiSIM configuration service provider.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 02/27/2018
ms.reviewer:
diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md
index 2a4d93d58f..95cd0ee469 100644
--- a/windows/client-management/mdm/nap-csp.md
+++ b/windows/client-management/mdm/nap-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -71,28 +71,28 @@ NAP
----------------SecureLevel
```
-**./Vendor/MSFT/NAP**
+**./Vendor/MSFT/NAP**
Root node.
-***NAPX***
+***NAPX***
Required. Defines the name of the network access point.
It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two network access points, use "NAP0" and "NAP1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), however, no spaces may appear in the name (use %20 instead).
-***NAPX*/NAPID**
+***NAPX*/NAPID**
Required. Specifies the identifier of the destination network.
The NAPID value must not include a "@" character. If the NAPDEF configuration service provider defines it as “connectionID@WAP”, this value should be set to “connectionID”.
-***NAPX*/NAME**
+***NAPX*/NAME**
Optional. Specifies the user-friendly name of the connection.
-***NAPX*/ADDR**
+***NAPX*/ADDR**
Required. Specifies the address of the destination network.
The ADDR may be the URL of an access point, the APN name for a GPRS access point, the telephone number of an answering modem, or any other string used to uniquely identify the address of the destination network.
-***NAPX*/ADDRTYPE**
+***NAPX*/ADDRTYPE**
Required. Specifies the type of address used to identify the destination network.
The following table shows some commonly used ADDRTYPE values and the types of connection that corresponds with each value.
@@ -103,28 +103,28 @@ The following table shows some commonly used ADDRTYPE values and the types of co
|APN|GPRS connections|
|ALPHA|Wi-Fi-based connections|
-***NAPX*/AuthInfo**
+***NAPX*/AuthInfo**
Optional node. Specifies the authentication information, including the protocol, user name, and password.
-***NAPX*/AuthInfo/AuthType**
+***NAPX*/AuthInfo/AuthType**
Optional. Specifies the method of authentication. Some supported protocols are PAP, CHAP, HTTP-BASIC, HTTP-DIGEST, WTLS-SS, and MD5.
-***NAPX*/AuthInfo/AuthName**
+***NAPX*/AuthInfo/AuthName**
Optional. Specifies the user name and domain to be used during authentication. This field is in the form *Domain*\\*UserName*.
-***NAPX*/AuthInfo/AuthSecret**
+***NAPX*/AuthInfo/AuthSecret**
Optional. Specifies the password used during authentication.
Queries of this field will return a string composed of 16 asterisks (\*).
-***NAPX*/Bearer**
+***NAPX*/Bearer**
Node.
-***NAPX*/Bearer/BearerType**
+***NAPX*/Bearer/BearerType**
Required. Specifies the network type of the destination network. This can be set to GPRS, CDMA2000, WCDMA, TDMA, CSD, DTPT, and Wi-Fi.
## Related articles
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md
index ebef8beec0..615e9f4a47 100644
--- a/windows/client-management/mdm/napdef-csp.md
+++ b/windows/client-management/mdm/napdef-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -28,8 +28,8 @@ The NAPDEF configuration service provider is used to add, modify, or delete WAP
> [!Note]
> You cannot use NAPDEF CSP on the desktop to update the Push Proxy Gateway (PPG) list.
->
-> This configuration service provider requires the `ID_CAP_CSP_FOUNDATION` and `ID_CAP_NETWORKING_ADMIN` capabilities to be accessed from a network configuration application.
+>
+> This configuration service provider requires the `ID_CAP_CSP_FOUNDATION` and `ID_CAP_NETWORKING_ADMIN` capabilities to be accessed from a network configuration application.
The following shows the NAPDEF configuration service provider management object in tree format as used by OMA Client Provisioning for **initial bootstrapping of the phone**. The OMA DM protocol isn't supported by this configuration service provider.
@@ -67,62 +67,62 @@ NAPDEF
----NAP-ADDRTYPE
```
-**NAPAUTHINFO**
+**NAPAUTHINFO**
Defines a group of authentication settings.
-**AUTHNAME**
+**AUTHNAME**
Specifies the name used to authenticate the user.
-**AUTHSECRET**
+**AUTHSECRET**
Specifies the password used to authenticate the user.
A query of this parameter returns asterisks (\*) in the results.
-**AUTHTYPE**
+**AUTHTYPE**
Specifies the protocol used to authenticate the user.
The only permitted values for this element are "POP" (Password Authentication Protocol) and "CHAP" (Challenge Handshake Authentication Protocol) authentication protocols.
> [!Note]
-> **AuthName** and **AuthSecret** are not created if **AuthType** isn't included in the initial device configuration. **AuthName** and **AuthSecret** cannot be changed if **AuthType** isn't included in the provisioning XML used to make the change.
+> **AuthName** and **AuthSecret** are not created if **AuthType** isn't included in the initial device configuration. **AuthName** and **AuthSecret** cannot be changed if **AuthType** isn't included in the provisioning XML used to make the change.
-**BEARER**
+**BEARER**
Specifies the type of bearer.
Only Global System for Mobile Communication (GSM) and GSM-General Packet Radio Services (GPRS) are supported.
-**INTERNET**
+**INTERNET**
Optional. Specifies whether this connection is an AlwaysOn connection.
If **INTERNET** exists, the connection is an AlwaysOn connection and doesn't require a connection manager policy.
If **INTERNET** doesn't exist, the connection isn't an AlwaysOn connection and the connection requires a connection manager connection policy to be set.
-**LOCAL-ADDR**
+**LOCAL-ADDR**
Required for GPRS. Specifies the local address of the WAP client for GPRS access points.
-**LOCAL-ADDRTYPE**
+**LOCAL-ADDRTYPE**
Required for GPRS. Specifies the address format of the **LOCAL-ADDR** element.
The value of LOCAL-ADDRTYPE can be "IPv4".
-**NAME**
+**NAME**
Specifies the logical, user-readable identity of the NAP.
-**NAP-ADDRESS**
+**NAP-ADDRESS**
Specifies the address of the NAP.
-**NAP-ADDRTYPE**
+**NAP-ADDRTYPE**
Specifies the format and protocol of the **NAP-ADDRESS** element.
Only Access Point Name (APN) and E164 are supported.
-**NAPID**
+**NAPID**
Required for initial bootstrapping. Specifies the name of the NAP.
The maximum length of the **NAPID** value is 16 characters.
-***NAPID***
+***NAPID***
Required for bootstrapping updating. Defines the name of the NAP.
The name of the *NAPID* element is the same as the value passed during initial bootstrapping. In addition, the Microsoft format for NAPDEF contains the provisioning XML attribute mwid. This custom attribute is optional when adding a NAP or a proxy. It's required for *NAPID* when updating and deleting existing NAPs and proxies and must have its value set to 1.
@@ -140,4 +140,4 @@ The following table shows the Microsoft custom elements that this configuration
## Related articles
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index c249a38718..4be3316fbb 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -3,8 +3,8 @@ title: NetworkProxy CSP
description: Learn how the NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/29/2018
ms.reviewer:
@@ -26,7 +26,7 @@ The table below shows the applicability of Windows:
The NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. These settings do not apply to VPN connections. This CSP was added in Windows 10, version 1703.
-How the settings work:
+How the settings work:
- If auto-detect is enabled, the system tries to find the path to a Proxy Auto Config (PAC) script and download it.
- If #1 fails and a setup script is specified, the system tries to download the explicitly configured PAC script.
@@ -47,10 +47,10 @@ NetworkProxy
--------UseProxyForLocalAddresses
```
-**./Vendor/MSFT/NetworkProxy**
+**./Vendor/MSFT/NetworkProxy**
The root node for the NetworkProxy configuration service provider.
-**ProxySettingsPerUser**
+**ProxySettingsPerUser**
Added in Windows 10, version 1803. When set to 0, it enables proxy configuration as global, machine wide.
Supported operations are Add, Get, Replace, and Delete.
@@ -73,22 +73,22 @@ Address to the PAC script you want to use.
The data type is string. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
-**ProxyServer**
+**ProxyServer**
Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings do not apply to VPN connections.
Supported operation is Get.
-**ProxyAddress**
+**ProxyAddress**
Address to the proxy server. Specify an address in the format <server>[“:”<port>].
The data type is string. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
-**Exceptions**
+**Exceptions**
Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node. Use semicolons (;) to separate entries.
The data type is string. Supported operations are Get and Replace. Starting in Windows 10, version 1803, the Delete operation is also supported.
-**UseProxyForLocalAddresses**
+**UseProxyForLocalAddresses**
Specifies whether the proxy server should be used for local (intranet) addresses.
Valid values:
@@ -131,7 +131,7 @@ These generic code portions for the options **ProxySettingsPerUser**, **Autodete
1
-
+
```
```xml
diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md
index ed25d003b2..b83fb6eab6 100644
--- a/windows/client-management/mdm/networkproxy-ddf.md
+++ b/windows/client-management/mdm/networkproxy-ddf.md
@@ -3,8 +3,8 @@ title: NetworkProxy DDF file
description: AppNetworkProxyLocker DDF file
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
@@ -13,9 +13,9 @@ manager: aaroncz
# NetworkProxy DDF file
-This topic shows the OMA DM device description framework (DDF) for the **NetworkProxy** configuration service provider.
+This topic shows the OMA DM device description framework (DDF) for the **NetworkProxy** configuration service provider.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md
index 5b5d5d930e..f4af5800f6 100644
--- a/windows/client-management/mdm/networkqospolicy-csp.md
+++ b/windows/client-management/mdm/networkqospolicy-csp.md
@@ -3,8 +3,8 @@ title: NetworkQoSPolicy CSP
description: The NetworkQoSPolicy CSP applies the Quality of Service (QoS) policy for Microsoft Surface Hub. This CSP was added in Windows 10, version 1703.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 04/22/2021
ms.reviewer:
@@ -30,7 +30,7 @@ The following conditions are supported:
- Network traffic from a specific application name
- Network traffic from specific source or destination ports
- Network traffic from a specific IP protocol (TCP, UDP, or both)
-
+
The following actions are supported:
- Layer 2 tagging using a IEEE 802.1p priority value
- Layer 3 tagging using a differentiated services code point (DSCP) value
@@ -39,7 +39,7 @@ The following actions are supported:
> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on the following devices:
> - Azure AD Hybrid joined devices.
> - Devices that use both GPO and CSP at the same time.
->
+>
> The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Windows 10, version 2004.
The following example shows the NetworkQoSPolicy configuration service provider in tree format.
@@ -55,64 +55,64 @@ NetworkQoSPolicy
--------PriorityValue8021Action
--------DSCPAction
```
-**NetworkQoSPolicy**
+**NetworkQoSPolicy**
The root node for the NetworkQoSPolicy configuration service provider.
-**Version**
+**Version**
Specifies the version information.
-
The data type is int.
+
The data type is int.
The only supported operation is Get.
-***Name***
+***Name***
Node for the QoS policy name.
-***Name*/IPProtocolMatchCondition**
-
Specifies the IP protocol used to match the network traffic.
+***Name*/IPProtocolMatchCondition**
+
Specifies the IP protocol used to match the network traffic.
Valid values are:
-- 0 (default) - Both TCP and UDP
+- 0 (default) - Both TCP and UDP
- 1 - TCP
- 2 - UDP
-
The data type is int.
+
The data type is int.
The supported operations are Add, Get, Delete, and Replace.
-***Name*/AppPathNameMatchCondition**
+***Name*/AppPathNameMatchCondition**
Specifies the name of an application to be used to match the network traffic, such as `application.exe` or `%ProgramFiles%\application.exe`.
-
The data type is char.
+
The data type is char.
The supported operations are Add, Get, Delete, and Replace.
-***Name*/SourcePortMatchCondition**
-
Specifies a single port or a range of ports to be used to match the network traffic source.
+***Name*/SourcePortMatchCondition**
+
Specifies a single port or a range of ports to be used to match the network traffic source.
-
Valid values are:
+
Valid values are:
- A range of source ports: _[first port number]_-_[last port number]_
- A single source port: _[port number]_
-
-
The data type is char.
+
+
The data type is char.
The supported operations are Add, Get, Delete, and Replace.
-***Name*/DestinationPortMatchCondition**
+***Name*/DestinationPortMatchCondition**
Specifies a single source port or a range of ports to be used to match the network traffic destination.
-
Valid values are:
+
Valid values are:
- A range of destination ports: _[first port number]_-_[last port number]_
- A single destination port: _[port number]_
-
-
The data type is char.
+
+
The data type is char.
The supported operations are Add, Get, Delete, and Replace.
-***Name*/PriorityValue8021Action**
+***Name*/PriorityValue8021Action**
Specifies the IEEE 802.1p priority value to apply to matching network traffic.
Valid values are 0-7.
@@ -121,7 +121,7 @@ NetworkQoSPolicy
The supported operations are Add, Get, Delete, and Replace.
-***Name*/DSCPAction**
+***Name*/DSCPAction**
The Differentiated Services Code Point (DSCP) value to apply to matching network traffic.
Valid values are 0-63.
@@ -136,4 +136,4 @@ NetworkQoSPolicy
Read more about the XML DDF structure to create this policy by following the links below:
- [More Information about DDF and structure](networkqospolicy-ddf.md)
-- [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)
+- [CSP DDF files download](configuration-service-provider-ddf.md)
diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md
index 972f823ac5..f90310942f 100644
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **NetworkQoSPolicy** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
deleted file mode 100644
index fdfb90c836..0000000000
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ /dev/null
@@ -1,350 +0,0 @@
----
-title: What's new in MDM enrollment and management
-description: Discover what's new and breaking changes in Windows 10 and Windows 11 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
-MS-HAID:
- - 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview'
- - 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management'
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: vinaypamnani-msft
-ms.localizationpriority: medium
-ms.date: 10/20/2020
----
-
-# What's new in mobile device enrollment and management
-
-This article provides information about what's new in Windows 10 and Windows 11 mobile device management (MDM) enrollment and management experience across all Windows 10 and Windows 11 devices. This article also provides details about the breaking changes and known issues and frequently asked questions.
-
-For details about Microsoft mobile device management protocols for Windows 10 and Windows 11, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347).
-
-
-## What’s new in MDM for Windows 11, version 21H2
-
-|New or updated article|Description|
-|-----|-----|
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 11, version 21H2: - NewsAndInterests/AllowNewsAndInterests - Experiences/ConfigureChatIcon - Start/ConfigureStartPins - Virtualizationbasedtechnology/HypervisorEnforcedCodeIntegrity - Virtualizationbasedtechnology/RequireUEFIMemoryAttributesTable |
-| [DMClient CSP](dmclient-csp.md) | Updated the description of the following node: - Provider/ProviderID/ConfigLock/Lock - Provider/ProviderID/ConfigLock/UnlockDuration - Provider/ProviderID/ConfigLock/SecuredCore |
-
-
-## Breaking changes and known issues
-
-### Get command inside an atomic command isn’t supported
-
-In Windows 10 and Windows 11, a Get command inside an atomic command isn't supported.
-
-### Apps installed using WMI classes are not removed
-
-Applications installed using WMI classes aren't removed when the MDM account is removed from device.
-
-### Passing CDATA in SyncML does not work
-
-Passing CDATA in data in SyncML to ConfigManager and CSPs doesn't work in Windows 10 and Windows 11.
-
-### SSL settings in IIS server for SCEP must be set to "Ignore"
-
-The certificate setting under "SSL Settings" in the IIS server for SCEP must be set to "Ignore" in Windows 10 and Windows 11.
-
-
-
-### MDM enrollment fails on the Windows device when traffic is going through proxy
-
-When the Windows device is configured to use a proxy that requires authentication, the enrollment will fail. To work around this issue, the user can use a proxy that doesn't require authentication or remove the proxy setting from the connected network.
-
-### Server-initiated unenrollment failure
-
-Server-initiated unenrollment for a device enrolled by adding a work account silently fails to leave the MDM account active. MDM policies and resources are still in place and the client can continue to sync with the server.
-
-Remote server unenrollment is disabled for mobile devices enrolled via Azure Active Directory Join. It returns an error message to the server. The only way to remove enrollment for a mobile device that is Azure AD joined is by remotely wiping the device.
-
-### Certificates causing issues with Wi-Fi and VPN
-
-In Windows 10 and Windows 11, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This dual installation may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We're working to fix this issue.
-
-### Version information for Windows 11
-
-The software version information from **DevDetail/Ext/Microsoft/OSPlatform** doesn't match the version in **Settings** under **System/About**.
-
-### Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 and Windows 11
-
-In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned doesn't have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria such that it matches only one certificate.
-
-Enterprises deploying certificate-based EAP authentication for VPN/Wi-Fi can face a situation where there are multiple certificates that meet the default criteria for authentication. This situation can lead to issues such as:
-
-- The user may be prompted to select the certificate.
-- The wrong certificate may get auto selected and cause an authentication failure.
-
-A production ready deployment must have the appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP Configuration XML such that the extraneous certificates are filtered out and the appropriate certificate can be used for the authentication.
-
-EAP XML must be updated with relevant information for your environment. This task can be done either manually by editing the XML sample below, or by using the step by step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
-
-- For Wi-Fi, look for the <EAPConfig> section of your current WLAN Profile XML (This detail is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags, you'll find the complete EAP configuration. Replace the section under <EAPConfig> with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
-- For VPN, EAP Configuration is a separate field in the MDM Configuration. Work with your MDM provider to identify and update the appropriate Field.
-
-For information about EAP Settings, see .
-
-For information about generating an EAP XML, see [EAP configuration](eap-configuration.md).
-
-For more information about extended key usage, see .
-
-For information about adding extended key usage (EKU) to a certificate, see .
-
-The following list describes the prerequisites for a certificate to be used with EAP:
-
-- The certificate must have at least one of the following EKU (Extended Key Usage) properties:
-
- - Client Authentication.
- - As defined by RFC 5280, this property is a well-defined OID with Value 1.3.6.1.5.5.7.3.2.
- - Any Purpose.
- - An EKU Defined and published by Microsoft, is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering.
- - All Purpose.
- - As defined by RFC 5280, If a CA includes extended key usages to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an Extended Key Usage Value of 0. A certificate with such an EKU can be used for all purposes.
-- The user or the computer certificate on the client chains to a trusted root CA.
-- The user or the computer certificate doesn't fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy.
-- The user or the computer certificate doesn't fail any one of the certificate object identifier checks that are specified in the Internet Authentication Service (IAS)/Radius Server.
-- The Subject Alternative Name (SubjectAltName) extension in the certificate contains the user principal name (UPN) of the user.
-
-The following XML sample explains the properties for the EAP TLS XML including certificate filtering.
-
-> [!NOTE]
-> For PEAP or TTLS Profiles the EAP TLS XML is embedded within some PEAP or TTLS specific elements.
-
-```xml
-
-
- 13
-
-
- 0
- 0
- 0
-
-
-
-
-
-
- 13
-
-
-
-
- true
-
-
-
-
-
-
- false
-
-
- false
- false
- false
-
-
-
-
-
- ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
-
-
-
-
-
-
-
-
-
-
- ContostoITEKU
-
- 1.3.6.1.4.1.311.42.1.15
-
-
-
-
-
-
-
-
- ContostoITEKU
-
-
-
-
- Example1
-
-
- true
-
-
-
-
-
-
-
-
-
-
-
-```
-
-> [!NOTE]
-> The EAP TLS XSD is located at **%systemdrive%\\Windows\\schemas\\EAPMethods\\eaptlsconnectionpropertiesv3.xsd**
-
-Alternatively you can use the following procedure to create an EAP Configuration XML.
-
-1. Follow steps 1 through 7 in [EAP configuration](eap-configuration.md).
-
-2. In the Microsoft VPN SelfHost Properties dialog box, select **Microsoft : Smart Card or other Certificate** from the drop-down menu (this drop-down menu selects EAP TLS.).
-
- :::image type="content" alt-text="vpn selfhost properties window." source="images/certfiltering1.png":::
-
- > [!NOTE]
- > For PEAP or TTLS, select the appropriate method and continue following this procedure.
-
-3. Click the **Properties** button underneath the drop-down menu.
-
-4. In the **Smart Card or other Certificate Properties** menu, select the **Advanced** button.
-
- :::image type="content" alt-text="smart card or other certificate properties window." source="images/certfiltering2.png":::
-
-5. In the **Configure Certificate Selection** menu, adjust the filters as needed.
-
- :::image type="content" alt-text="configure certificate selection window." source="images/certfiltering3.png":::
-
-6. Click **OK** to close the windows to get back to the main rasphone.exe dialog box.
-
-7. Close the rasphone dialog box.
-
-8. Continue following the procedure in [EAP configuration](eap-configuration.md) from Step 9 to get an EAP TLS profile with appropriate filtering.
-
-> [!NOTE]
-> You can also set all the other applicable EAP Properties through this UI as well. A guide to what these properties mean can be found in [Extensible Authentication Protocol (EAP) Settings for Network Access](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11)).
-
-
-### MDM client will immediately check in with the MDM server after client renews WNS channel URI
-
-After the MDM client automatically renews the WNS channel URI, the MDM client will immediately check-in with the MDM server. Henceforth, for every MDM client check-in, the MDM server should send a GET request for "ProviderID/Push/ChannelURI" to retrieve the latest channel URI and compare it with the existing channel URI; then update the channel URI if necessary.
-
-### User provisioning failure in Azure Active Directory-joined Windows 10 and Windows 11 devices
-
-In Azure AD joined Windows 10 and Windows 11, provisioning /.User resources fails when the user isn't logged in as an Azure AD user. If you attempt to join Azure AD from **Settings** > **System** > **About** user interface, ensure to sign out and sign in with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design.
-
-### Requirements to note for VPN certificates also used for Kerberos Authentication
-
-If you want to use the certificate used for VPN authentication also for Kerberos authentication (required if you need access to on-premises resources using NTLM or Kerberos), the user's certificate must meet the requirements for smart card certificate, the Subject field should contain the DNS domain name in the DN or the SAN should contain a fully qualified UPN so that the DC can be located from the DNS registrations. If certificates that don't meet these requirements are used for VPN, users may fail to access resources that require Kerberos authentication.
-
-### Device management agent for the push-button reset is not working
-
-The DM agent for [push-button reset](/windows-hardware/manufacture/desktop/push-button-reset-overview) keeps the registry settings for OMA DM sessions, but deletes the task schedules. The client enrollment is retained, but it never syncs with the MDM service.
-
-
-## Frequently Asked Questions
-
-
-### Can there be more than one MDM server to enroll and manage devices in Windows 10 or 11?
-
-No. Only one MDM is allowed.
-
-### How do I set the maximum number of Azure Active Directory-joined devices per user?
-
-1. Sign in to the portal as tenant admin: https://portal.azure.com.
-2. Select Active Directory on the left pane.
-3. Choose your tenant.
-4. Select **Configure**.
-5. Set quota to unlimited.
-
- :::image type="content" alt-text="aad maximum joined devices." source="images/faq-max-devices.png":::
-
-### What is dmwappushsvc?
-
-Entry | Description
---------------- | --------------------
-What is dmwappushsvc? | It's a Windows service that ships in Windows 10 and Windows 11 operating system as a part of the windows management platform. It's used internally by the operating system as a queue for categorizing and processing all WAP messages, which include Windows management messages, MMS, NabSync, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
-What data is handled by dmwappushsvc? | It's a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further: MMS, NabSync, SI/SL. This service doesn't send telemetry.|
-How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this service is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to disable the service. Disabling this service will cause your management to fail.|
-
-
-
-## What’s new in MDM for Windows 10, version 20H2
-
-|New or updated article|Description|
-|-----|-----|
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2: - [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent) - [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure) - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) - [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) - [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) - [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled) - [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) - [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) |
-| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node: - Properties/SleepMode |
-| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node: - Settings/AllowWindowsDefenderApplicationGuard |
-
-## What’s new in MDM for Windows 10, version 2004
-
-| New or updated article | Description |
-|-----|-----|
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 2004: - [ApplicationManagement/BlockNonAdminUserInstall](policy-csp-applicationmanagement.md#applicationmanagement-blocknonadminuserinstall) - [Bluetooth/SetMinimumEncryptionKeySize](policy-csp-bluetooth.md#bluetooth-setminimumencryptionkeysize) - [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehostsource) - [DeliveryOptimization/DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxbackgrounddownloadbandwidth) - [DeliveryOptimization/DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxforegrounddownloadbandwidth) - [Education/AllowGraphingCalculator](policy-csp-education.md#education-allowgraphingcalculator) - [TextInput/ConfigureJapaneseIMEVersion](policy-csp-textinput.md#textinput-configurejapaneseimeversion) - [TextInput/ConfigureSimplifiedChineseIMEVersion](policy-csp-textinput.md#textinput-configuresimplifiedchineseimeversion) - [TextInput/ConfigureTraditionalChineseIMEVersion](policy-csp-textinput.md#textinput-configuretraditionalchineseimeversion)
Updated the following policy in Windows 10, version 2004: - [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
Deprecated the following policies in Windows 10, version 2004: - [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth) - [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth) - [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth) |
-| [DevDetail CSP](devdetail-csp.md) | Added the following new node: - Ext/Microsoft/DNSComputerName |
-| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added the following new node: - IsStub |
-| [SUPL CSP](supl-csp.md) | Added the following new node: - FullVersion |
-
-## What’s new in MDM for Windows 10, version 1909
-
-| New or updated article | Description |
-|-----|-----|
-| [BitLocker CSP](bitlocker-csp.md) | Added the following new nodes in Windows 10, version 1909: - ConfigureRecoveryPasswordRotation - RotateRecoveryPasswords - RotateRecoveryPasswordsStatus - RotateRecoveryPasswordsRequestID|
-
-## What’s new in MDM for Windows 10, version 1903
-
-| New or updated article | Description |
-|-----|-----|
-|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 1903: - [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground) - [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground) - [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring) - [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope) - [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination) - [DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceinstanceids) - [DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceinstanceids) - [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile) - [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar) - [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload) - [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview) - [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync) - [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation) - [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete) - [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage) - [Power/EnergySaverBatteryThresholdOnBattery](policy-csp-power.md#power-energysaverbatterythresholdonbattery) - [Power/EnergySaverBatteryThresholdPluggedIn](policy-csp-power.md#power-energysaverbatterythresholdpluggedin) - [Power/SelectLidCloseActionOnBattery](policy-csp-power.md#power-selectlidcloseactiononbattery) - [Power/SelectLidCloseActionPluggedIn](policy-csp-power.md#power-selectlidcloseactionpluggedin) - [Power/SelectPowerButtonActionOnBattery](policy-csp-power.md#power-selectpowerbuttonactiononbattery) - [Power/SelectPowerButtonActionPluggedIn](policy-csp-power.md#power-selectpowerbuttonactionpluggedin) - [Power/SelectSleepButtonActionOnBattery](policy-csp-power.md#power-selectsleepbuttonactiononbattery) - [Power/SelectSleepButtonActionPluggedIn](policy-csp-power.md#power-selectsleepbuttonactionpluggedin) - [Power/TurnOffHybridSleepOnBattery](policy-csp-power.md#power-turnoffhybridsleeponbattery) - [Power/TurnOffHybridSleepPluggedIn](policy-csp-power.md#power-turnoffhybridsleeppluggedin) - [Power/UnattendedSleepTimeoutOnBattery](policy-csp-power.md#power-unattendedsleeptimeoutonbattery) - [Power/UnattendedSleepTimeoutPluggedIn](policy-csp-power.md#power-unattendedsleeptimeoutpluggedin) - [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice) - [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock) - [Search/AllowFindMyFiles](policy-csp-search.md#search-allowfindmyfiles) - [ServiceControlManager/SvchostProcessMitigation](policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation) - [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline) - [System/TurnOffFileHistory](policy-csp-system.md#system-turnofffilehistory) - [TimeLanguageSettings/ConfigureTimeZone](policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone) - [Troubleshooting/AllowRecommendations](policy-csp-troubleshooting.md#troubleshooting-allowrecommendations) - [Update/AutomaticMaintenanceWakeUp](policy-csp-update.md#update-automaticmaintenancewakeup) - [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) - [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) - [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) - [WindowsLogon/AllowAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon) - [WindowsLogon/ConfigAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon) - [WindowsLogon/EnableFirstLogonAnimation](policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)|
-| [Policy CSP - Audit](policy-csp-audit.md) | Added the new Audit policy CSP. |
-| [ApplicationControl CSP](applicationcontrol-csp.md) | Added the new CSP. |
-| [Defender CSP](defender-csp.md) | Added the following new nodes: - Health/TamperProtectionEnabled - Health/IsVirtualMachine - Configuration - Configuration/TamperProtection - Configuration/EnableFileHashComputation |
-| [DiagnosticLog CSP](diagnosticlog-csp.md) [DiagnosticLog DDF](diagnosticlog-ddf.md) | Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes: - Policy - Policy/Channels - Policy/Channels/ChannelName - Policy/Channels/ChannelName/MaximumFileSize - Policy/Channels/ChannelName/SDDL - Policy/Channels/ChannelName/ActionWhenFull - Policy/Channels/ChannelName/Enabled - DiagnosticArchive - DiagnosticArchive/ArchiveDefinition - DiagnosticArchive/ArchiveResults |
-| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | Added the new CSP. |
-| [PassportForWork CSP](passportforwork-csp.md) | Added the following new nodes: - SecurityKey - SecurityKey/UseSecurityKeyForSignin |
-
-
-## What’s new in MDM for Windows 10, version 1809
-
-| New or updated article | Description |
-|-----|-----|
-|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policy settings in Windows 10, version 1809: - ApplicationManagement/LaunchAppAfterLogOn - ApplicationManagement/ScheduleForceRestartForUpdateFailures - Authentication/EnableFastFirstSignIn (Preview mode only) - Authentication/EnableWebSignIn (Preview mode only) - Authentication/PreferredAadTenantDomainName - Browser/AllowFullScreenMode - Browser/AllowPrelaunch - Browser/AllowPrinting - Browser/AllowSavingHistory - Browser/AllowSideloadingOfExtensions - Browser/AllowTabPreloading - Browser/AllowWebContentOnNewTabPage - Browser/ConfigureFavoritesBar - Browser/ConfigureHomeButton - Browser/ConfigureKioskMode - Browser/ConfigureKioskResetAfterIdleTimeout - Browser/ConfigureOpenMicrosoftEdgeWith - Browser/ConfigureTelemetryForMicrosoft365Analytics - Browser/PreventCertErrorOverrides - Browser/SetHomeButtonURL - Browser/SetNewTabPageURL - Browser/UnlockHomeButton - Defender/CheckForSignaturesBeforeRunningScan - Defender/DisableCatchupFullScan - Defender/DisableCatchupQuickScan - Defender/EnableLowCPUPriority - Defender/SignatureUpdateFallbackOrder - Defender/SignatureUpdateFileSharesSources - DeviceGuard/ConfigureSystemGuardLaunch - DeviceInstallation/AllowInstallationOfMatchingDeviceIDs - DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses - DeviceInstallation/PreventDeviceMetadataFromNetwork - DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings - DmaGuard/DeviceEnumerationPolicy - Experience/AllowClipboardHistory - Experience/DoNotSyncBrowserSettings - Experience/PreventUsersFromTurningOnBrowserSyncing - Kerberos/UPNNameHints - Privacy/AllowCrossDeviceClipboard - Privacy/DisablePrivacyExperience - Privacy/UploadUserActivities - Security/RecoveryEnvironmentAuthentication - System/AllowDeviceNameInDiagnosticData - System/ConfigureMicrosoft365UploadEndpoint - System/DisableDeviceDelete - System/DisableDiagnosticDataViewer - Storage/RemovableDiskDenyWriteAccess - TaskManager/AllowEndTask - Update/DisableWUfBSafeguards - Update/EngagedRestartDeadlineForFeatureUpdates - Update/EngagedRestartSnoozeScheduleForFeatureUpdates - Update/EngagedRestartTransitionScheduleForFeatureUpdates - Update/SetDisablePauseUXAccess - Update/SetDisableUXWUAccess - WindowsDefenderSecurityCenter/DisableClearTpmButton - WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning - WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl - WindowsLogon/DontDisplayNetworkSelectionUI |
-| [BitLocker CSP](bitlocker-csp.md) | Added a new node AllowStandardUserEncryption in Windows 10, version 1809. Added support for Windows 10 Pro. |
-| [Defender CSP](defender-csp.md) | Added a new node Health/ProductStatus in Windows 10, version 1809. |
-| [DevDetail CSP](devdetail-csp.md) | Added a new node SMBIOSSerialNumber in Windows 10, version 1809. |
-| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added NonRemovable setting under AppManagement node in Windows 10, version 1809. |
-| [Office CSP](office-csp.md) | Added FinalStatus setting in Windows 10, version 1809. |
-| [PassportForWork CSP](passportforwork-csp.md) | Added new settings in Windows 10, version 1809. |
-| [RemoteWipe CSP](remotewipe-csp.md) | Added new settings in Windows 10, version 1809. |
-| [SUPL CSP](supl-csp.md) | Added three new certificate nodes in Windows 10, version 1809. |
-| [TenantLockdown CSP](tenantlockdown-csp.md) | Added new CSP in Windows 10, version 1809. |
-| [Wifi CSP](wifi-csp.md) | Added a new node WifiCost in Windows 10, version 1809. |
-| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Added new settings in Windows 10, version 1809. |
-| [WindowsLicensing CSP](windowslicensing-csp.md) | Added S mode settings and SyncML examples in Windows 10, version 1809. |
-| [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) | Added new configuration service provider in Windows 10, version 1809. |
-
-
-## Change history for MDM documentation
-
-To know what's changed in MDM documentation, see [Change history for MDM documentation](change-history-for-mdm-documentation.md).
diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md
index dc9bf7a054..b7fa0fbc34 100644
--- a/windows/client-management/mdm/nodecache-csp.md
+++ b/windows/client-management/mdm/nodecache-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -77,45 +77,45 @@ NodeCache
----------------ExpectedValue
----------------AutoSetExpectedValue
```
-**./Device/Vendor/MSFT and ./User/Vendor/MSFT**
+**./Device/Vendor/MSFT and ./User/Vendor/MSFT**
Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This parameter's value is a predefined MIME type to identify this managed object in OMA DM syntax.
-***ProviderID***
+***ProviderID***
Optional. Group settings per DM server. Each group of settings is distinguished by the server’s Provider ID. It should be the same DM server **PROVIDER-ID** value that was supplied through the [w7 APPLICATION configuration service provider](w7-application-csp.md) XML during the enrollment process. Only one enterprise management server is supported. That is, there should be only one **ProviderID** node under **NodeCache**. Scope is dynamic.
Supported operations are Get, Add, and Delete.
-***ProviderID*/CacheVersion**
+***ProviderID*/CacheVersion**
Optional. Character string representing the cache version set by the server. Scope is dynamic.
Data type is string. Supported operations are Get, Add, and Replace.
-***ProviderID*/ChangedNodes**
+***ProviderID*/ChangedNodes**
Optional. List of nodes whose values don't match their expected values as specified in **/*NodeID*/ExpectedValue**. Scope is dynamic.
Data type is string. Supported operation is Get.
-***ProviderID*/ChangedNodesData**
+***ProviderID*/ChangedNodesData**
Added in Windows 10, version 1703. Optional. XML containing nodes whose values don't match their expected values as specified in /NodeID/ExpectedValue.
Supported operation is Get.
-***ProviderID*/Nodes**
+***ProviderID*/Nodes**
Required. Root node for cached nodes. Scope is dynamic.
Supported operation is Get.
-**/Nodes/***NodeID*
+**/Nodes/***NodeID*
Optional. Information about each cached node is stored under *NodeID* as specified by the server. This value must not contain a comma. Scope is dynamic.
Supported operations are Get, Add, and Delete.
-**/*NodeID*/NodeURI**
+**/*NodeID*/NodeURI**
Required. This node's value is a complete OMA DM node URI. It can specify either an interior or leaf node in the device management tree. Scope is dynamic.
Data type is string. Supported operations are Get, Add, and Delete.
-**/*NodeID*/ExpectedValue**
+**/*NodeID*/ExpectedValue**
Required. The server expects this value to be on the device. When the configuration service provider initiates a session, it checks the expected value against the node's actual value. Scope is dynamic. Supported values are string and x-nodemon-nonexistent.
Supported operations are Get, Add, and Delete.
@@ -137,7 +137,7 @@ Here's an example for setting the ExpectedValue to nonexistent.
```
-**/*NodeID*/AutoSetExpectedValue**
+**/*NodeID*/AutoSetExpectedValue**
Added in Windows 10, version 1703. Required. This parameter's value automatically sets the value on the device to match the actual value of the node. The node is specified in NodeURI.
Supported operations are Add, Get, and Delete.
@@ -402,11 +402,11 @@ The value inside of the node tag is the actual value returned by the Uri, which
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
+[Configuration service provider reference](index.yml)
+
+
+
+
diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md
index 8fb7117803..f5f3d05408 100644
--- a/windows/client-management/mdm/nodecache-ddf-file.md
+++ b/windows/client-management/mdm/nodecache-ddf-file.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -16,7 +16,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **NodeCache** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md
index 5fc7af65c0..ce956ea412 100644
--- a/windows/client-management/mdm/office-csp.md
+++ b/windows/client-management/mdm/office-csp.md
@@ -3,8 +3,8 @@ title: Office CSP
description: The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device. This CSP was added in Windows 10, version 1703.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/15/2018
ms.reviewer:
@@ -24,7 +24,7 @@ The table below shows the applicability of Windows:
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
-The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365).
+The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365).
This CSP was added in Windows 10, version 1703.
@@ -58,41 +58,41 @@ Office
------------Status
```
-**./Device/Vendor/MSFT/Office/ or ./User/Vendor/MSFT/Office**
+**./Device/Vendor/MSFT/Office/ or ./User/Vendor/MSFT/Office**
The root node for the Office configuration service provider.
-**Installation**
+**Installation**
Specifies the options for the Microsoft Office installation.
The supported operations are Add, Delete, and Get.
-**Installation/_id_**
-Specifies a unique identifier that represents the ID of the Microsoft Office product to install.
+**Installation/_id_**
+Specifies a unique identifier that represents the ID of the Microsoft Office product to install.
The supported operations are Add, Delete, and Get.
-**Installation/_id_/Install**
-Installs Office by using the XML data specified in the configuration.xml file.
+**Installation/_id_/Install**
+Installs Office by using the XML data specified in the configuration.xml file.
The supported operations are Get and Execute.
-**Installation/_id_/Status**
-The Microsoft Office installation status.
+**Installation/_id_/Status**
+The Microsoft Office installation status.
The only supported operation is Get.
-**Installation/_id_/FinalStatus**
+**Installation/_id_/FinalStatus**
Added in Windows 10, version 1809. Indicates the status of the Final Office 365 installation.
The only supported operation is Get.
-Behavior:
+Behavior:
- When Office CSP is triggered to install, it will first check if the FinalStatus node exists or not. If the node exists, delete it.
-- When Office installation reaches any terminal states (either success or failure), this node is created that contains the following values:
+- When Office installation reaches any terminal states (either success or failure), this node is created that contains the following values:
- When status = 0: 70 (succeeded)
- When status!= 0: 60 (failed)
-**Installation/CurrentStatus**
+**Installation/CurrentStatus**
Returns an XML of current Office 365 installation status on the device.
The only supported operation is Get.
@@ -112,7 +112,7 @@ Sample SyncML to install Microsoft 365 Apps for business Retail from current cha
chr
-
+
<Configuration><Add OfficeClientEdition="32" Channel="Current"><Product ID="O365BusinessRetail"><Language ID="en-us" /></Product></Add><Display Level="None" AcceptEULA="TRUE" /></Configuration>
@@ -134,7 +134,7 @@ To uninstall the Office 365 from the system:
chr
-
+
<Configuration><Remove All="TRUE"/><Display Level="None" AcceptEULA="TRUE" /></Configuration>
diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md
index 94b6fecffe..9dec2a31e2 100644
--- a/windows/client-management/mdm/office-ddf.md
+++ b/windows/client-management/mdm/office-ddf.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/15/2018
---
@@ -15,7 +15,7 @@ ms.date: 08/15/2018
This topic shows the OMA DM device description framework (DDF) for the **Office** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is for Windows 10, version 1809.
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index d45249dffe..79b9684766 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 07/19/2019
---
@@ -83,7 +83,8 @@ PassportForWork
-------UseBiometrics
-------Biometrics
----------UseBiometrics
-----------FacialFeatureUse
+----------FacialFeaturesUseEnhancedAntiSpoofing
+----------EnableESSwithSupportedPeripherals
-------DeviceUnlock
----------GroupA
----------GroupB
@@ -95,34 +96,34 @@ PassportForWork
----------UseSecurityKeyForSignin
```
-**PassportForWork**
+**PassportForWork**
Root node for PassportForWork configuration service provider.
-***TenantId***
+***TenantId***
A globally unique identifier (GUID), without curly braces (`{`, `}`), that's used as part of Windows Hello for Business provisioning and management. To get a GUID, use the PowerShell cmdlet [Get-AzureAccount](/powershell/module/servicemanagement/azure.service/get-azureaccount). For more information, see [Get Windows Azure Active Directory Tenant ID in Windows PowerShell](https://devblogs.microsoft.com/scripting/get-windows-azure-active-directory-tenant-id-in-windows-powershell).
-***TenantId*/Policies**
+***TenantId*/Policies**
Node for defining the Windows Hello for Business policy settings.
-***TenantId*/Policies/UsePassportForWork**
+***TenantId*/Policies/UsePassportForWork**
Boolean value that sets Windows Hello for Business as a method for signing into Windows.
Default value is true. If you set this policy to false, the user can't provision Windows Hello for Business.
Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/RequireSecurityDevice**
+***TenantId*/Policies/RequireSecurityDevice**
Boolean value that requires a Trusted Platform Module (TPM) for Windows Hello for Business. TPM provides an extra security benefit over software so that data stored in it can't be used on other devices.
Default value is false. If you set this policy to true, only devices with a usable TPM can provision Windows Hello for Business. If you set this policy to false, all devices can provision Windows Hello for Business using software even if there isn't a usable TPM. If you don't configure this setting, all devices can provision Windows Hello for Business using software if the TPM is non-functional or unavailable.
Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/ExcludeSecurityDevices** (only for ./Device/Vendor/MSFT)
+***TenantId*/Policies/ExcludeSecurityDevices** (only for ./Device/Vendor/MSFT)
Added in Windows 10, version 1703. Root node for excluded security devices.
*Not supported on Windows Holographic and Windows Holographic for Business.*
-***TenantId*/Policies/ExcludeSecurityDevices/TPM12** (only for ./Device/Vendor/MSFT)
+***TenantId*/Policies/ExcludeSecurityDevices/TPM12** (only for ./Device/Vendor/MSFT)
Added in Windows 10, version 1703. Some Trusted Platform Modules (TPMs) are compliant only with the older 1.2 revision of the TPM specification defined by the Trusted Computing Group (TCG).
Default value is false. If you enable this policy setting, TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business.
@@ -131,8 +132,8 @@ If you disable or don't configure this policy setting, TPM revision 1.2 modules
Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/EnablePinRecovery**
-Added in Windows 10, version 1703. Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service.
+***TenantId*/Policies/EnablePinRecovery**
+Added in Windows 10, version 1703. Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service.
This cloud service encrypts a recovery secret, which is stored locally on the client, and can be decrypted only by the cloud service.
Default value is false. If you enable this policy setting, the PIN recovery secret will be stored on the device and the user can change their PIN if needed.
@@ -141,7 +142,7 @@ If you disable or don't configure this policy setting, the PIN recovery secret w
Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/UseCertificateForOnPremAuth** (only for ./Device/Vendor/MSFT)
+***TenantId*/Policies/UseCertificateForOnPremAuth** (only for ./Device/Vendor/MSFT)
Boolean value that enables Windows Hello for Business to use certificates to authenticate on-premises resources.
If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN.
@@ -150,10 +151,19 @@ If you disable or don't configure this policy setting, the PIN will be provision
Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/PINComplexity**
+***TenantId*/Policies/UseCloudTrustForOnPremAuth** (only for ./Device/Vendor/MSFT)
+Boolean value that enables Windows Hello for Business to use Azure AD Kerberos to authenticate to on-premises resources.
+
+If you enable this policy setting, Windows Hello for Business will use an Azure AD Kerberos ticket to authenticate to on-premises resources. The Azure AD Kerberos ticket is returned to the client after a successful authentication to Azure AD if Azure AD Kerberos is enabled for the tenant and domain.
+
+If you disable or do not configure this policy setting, Windows Hello for Business will use a key or certificate to authenticate to on-premises resources.
+
+Supported operations are Add, Get, Delete, and Replace.
+
+***TenantId*/Policies/PINComplexity**
Node for defining PIN settings.
-***TenantId*/Policies/PINComplexity/MinimumPINLength**
+***TenantId*/Policies/PINComplexity/MinimumPINLength**
Integer value that sets the minimum number of characters required for the PIN. Default value is 4. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest.
If you configure this policy setting, the PIN length must be greater than or equal to this number. If you disable or don't configure this policy setting, the PIN length must be greater than or equal to 4.
@@ -164,7 +174,7 @@ If you configure this policy setting, the PIN length must be greater than or equ
Value type is int. Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/PINComplexity/MaximumPINLength**
+***TenantId*/Policies/PINComplexity/MaximumPINLength**
Integer value that sets the maximum number of characters allowed for the PIN. Default value is 127. The largest number you can configure for this policy setting is 127. The lowest number you can configure must be larger than the number configured in the Minimum PIN length policy setting or the number 4, whichever is greater.
If you configure this policy setting, the PIN length must be less than or equal to this number. If you disable or don't configure this policy setting, the PIN length must be less than or equal to 127.
@@ -175,7 +185,7 @@ If you configure this policy setting, the PIN length must be less than or equal
Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/PINComplexity/UppercaseLetters**
+***TenantId*/Policies/PINComplexity/UppercaseLetters**
Integer value that configures the use of uppercase letters in the Windows Hello for Business PIN.
Valid values:
@@ -188,7 +198,7 @@ Default value is 2. Default PIN complexity behavior is that digits are required
Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/PINComplexity/LowercaseLetters**
+***TenantId*/Policies/PINComplexity/LowercaseLetters**
Integer value that configures the use of lowercase letters in the Windows Hello for Business PIN.
Valid values:
@@ -201,7 +211,7 @@ Default value is 2. Default PIN complexity behavior is that digits are required
Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/PINComplexity/SpecialCharacters**
+***TenantId*/Policies/PINComplexity/SpecialCharacters**
Integer value that configures the use of special characters in the Windows Hello for Business PIN. Valid special characters for Windows Hello for Business PIN gestures include: ! " \# $ % & ' ( ) \* + , - . / : ; < = > ? @ \[ \\ \] ^ \_ \` { | } ~ .
Valid values:
@@ -214,7 +224,7 @@ Default value is 2. Default PIN complexity behavior is that digits are required
Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/PINComplexity/Digits**
+***TenantId*/Policies/PINComplexity/Digits**
Integer value that configures the use of digits in the Windows Hello for Business PIN.
Valid values:
@@ -227,7 +237,7 @@ Default value is 1. Default PIN complexity behavior is that digits are required
Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/PINComplexity/History**
+***TenantId*/Policies/PINComplexity/History**
Integer value that specifies the number of past PINs that can be associated to a user account that can’t be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs isn't required. This node was added in Windows 10, version 1511.
The current PIN of the user is included in the set of PINs associated with the user account. PIN history isn't preserved through a PIN reset.
@@ -236,18 +246,18 @@ Default value is 0.
Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/PINComplexity/Expiration**
+***TenantId*/Policies/PINComplexity/Expiration**
Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user’s PIN will never expire. This node was added in Windows 10, version 1511.
Default is 0.
Supported operations are Add, Get, Delete, and Replace.
-***TenantId*/Policies/Remote** (only for ./Device/Vendor/MSFT)
+***TenantId*/Policies/Remote** (only for ./Device/Vendor/MSFT)
Interior node for defining remote Windows Hello for Business policies. This node was added in Windows 10, version 1511.
*Not supported on Windows Holographic and Windows Holographic for Business.*
-***TenantId*/Policies/Remote/UseRemotePassport** (only for ./Device/Vendor/MSFT)
+***TenantId*/Policies/Remote/UseRemotePassport** (only for ./Device/Vendor/MSFT)
Boolean value used to enable or disable the use of remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion device for desktop authentication. Remote Windows Hello for Business requires that the desktop be Azure AD joined and that the companion device has a Windows Hello for Business PIN. This node was added in Windows 10, version 1511.
Default value is false. If you set this policy to true, Remote Windows Hello for Business will be enabled and a portable, registered device can be used as a companion device for desktop authentication. If you set this policy to false, Remote Windows Hello for Business will be disabled.
@@ -256,7 +266,7 @@ Supported operations are Add, Get, Delete, and Replace.
*Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).*
-***TenantId*/Policies/UseHelloCertificatesAsSmartCardCertificates** (only for ./Device/Vendor/MSFT)
+***TenantId*/Policies/UseHelloCertificatesAsSmartCardCertificates** (only for ./Device/Vendor/MSFT)
Added in Windows 10, version 1809. If you enable this policy setting, applications use Windows Hello for Business certificates as smart card certificates. Biometric factors are unavailable when a user is asked to authorize the use of the certificate's private key. This policy setting is designed to allow compatibility with applications that rely exclusively on smart card certificates.
If you disable or don't configure this policy setting, applications don't use Windows Hello for Business certificates as smart card certificates, and biometric factors are available when a user is asked to authorize the use of the certificate's private key.
@@ -265,25 +275,23 @@ Windows requires a user to lock and unlock their session after changing this set
Value type is bool. Supported operations are Add, Get, Replace, and Delete.
-**UseBiometrics**
+**UseBiometrics**
This node is deprecated. Use **Biometrics/UseBiometrics** node instead.
-**Biometrics** (only for ./Device/Vendor/MSFT)
+**Biometrics** (only for ./Device/Vendor/MSFT)
Node for defining biometric settings. This node was added in Windows 10, version 1511.
*Not supported on Windows Holographic and Windows Holographic for Business.*
-**Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT)
+**Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT)
Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use if there are failures. This node was added in Windows 10, version 1511.
Default value is true, enabling the biometric gestures for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business.
-
-
Supported operations are Add, Get, Delete, and Replace.
*Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).*
-**Biometrics/FacialFeaturesUseEnhancedAntiSpoofing** (only for ./Device/Vendor/MSFT)
+**Biometrics/FacialFeaturesUseEnhancedAntiSpoofing** (only for ./Device/Vendor/MSFT)
Boolean value used to enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. This node was added in Windows 10, version 1511.
Default value is false. If you set this policy to false or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication.
@@ -296,52 +304,72 @@ Supported operations are Add, Get, Delete, and Replace.
*Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).*
-**DeviceUnlock** (only for ./Device/Vendor/MSFT)
+**Biometrics/EnableESSwithSupportedPeripherals** (only for ./Device/Vendor/MSFT)
+
+If this policy is enabled, Windows Hello authentication using peripheral biometric sensors will be blocked. Any non-authentication operational functionalities such as camera usage (for instance, video calls and the camera) will be unaffected.
+
+If you enable this policy it can have the following possible values:
+
+**0 - Enhanced Sign-in Security Disabled** (not recommended)
+
+Enhanced sign-in security will be disabled on all systems, enabling the use of peripheral biometric authentication. If this policy value is set to 0 after users have enrolled in ESS biometrics, users will be prompted to reset their PIN. They will lose all their existing biometric enrollments. To use biometrics they will have to enroll again.
+
+**1 - Enhanced Sign-in Security Enabled** (default and recommended for highest security)
+
+Enhanced sign-in security will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of any biometric device that Enhanced Sign-in Security does not support, including that of peripheral devices, will be blocked and not available for Windows Hello.
+
+If you disable or do not configure this policy, Enhanced Sign-in Security is preferred on the device. The behavior will be the same as enabling the policy and setting the value to 1.
+
+Supported operations are Add, Get, Delete, and Replace.
+
+*Supported from Windows 11 version 22H2*
+
+**DeviceUnlock** (only for ./Device/Vendor/MSFT)
Added in Windows 10, version 1803. Interior node.
-**DeviceUnlock/GroupA** (only for ./Device/Vendor/MSFT)
+**DeviceUnlock/GroupA** (only for ./Device/Vendor/MSFT)
Added in Windows 10, version 1803. Contains a list of credential providers by GUID (comma separated) that are the first step of authentication.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
-**DeviceUnlock/GroupB** (only for ./Device/Vendor/MSFT)
+**DeviceUnlock/GroupB** (only for ./Device/Vendor/MSFT)
Added in Windows 10, version 1803. Contains a list of credential providers by GUID (comma separated) that are the second step of authentication.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
-**DeviceUnlock/Plugins** (only for ./Device/Vendor/MSFT)
+**DeviceUnlock/Plugins** (only for ./Device/Vendor/MSFT)
Added in Windows 10, version 1803. List of plugins (comma separated) that the passive provider monitors to detect user presence.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
-**DynamicLock** (only for ./Device/Vendor/MSFT)
+**DynamicLock** (only for ./Device/Vendor/MSFT)
Added in Windows 10, version 1803. Interior node.
-**DynamicLock/DynamicLock** (only for ./Device/Vendor/MSFT)
+**DynamicLock/DynamicLock** (only for ./Device/Vendor/MSFT)
Added in Windows 10, version 1803. Enables the dynamic lock.
Value type is bool. Supported operations are Add, Get, Replace, and Delete.
-**DynamicLock/Plugins** (only for ./Device/Vendor/MSFT)
+**DynamicLock/Plugins** (only for ./Device/Vendor/MSFT)
Added in Windows 10, version 1803. List of plugins (comma separated) that the passive provider monitors to detect user absence.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
-**SecurityKey** (only for ./Device/Vendor/MSFT)
+**SecurityKey** (only for ./Device/Vendor/MSFT)
Added in Windows 10, version 1903. Interior node.
Scope is permanent. Supported operation is Get.
-**SecurityKey/UseSecurityKeyForSignin** (only for ./Device/Vendor/MSFT)
+**SecurityKey/UseSecurityKeyForSignin** (only for ./Device/Vendor/MSFT)
Added in Windows 10, version 1903. Enables users to sign in to their device with a [FIDO2 security key](/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys) that is compatible with Microsoft’s implementation.
Scope is dynamic. Supported operations are Add, Get, Replace, and Delete.
-Value type is integer.
+Value type is integer.
-Valid values:
+Valid values:
- 0 (default) - disabled.
- 1 - enabled.
@@ -542,7 +570,7 @@ Here's an example for setting Windows Hello for Business and setting the PIN pol
true
-
+ 15
@@ -557,7 +585,22 @@ Here's an example for setting Windows Hello for Business and setting the PIN pol
true
-
+
+ 16
+
+
+
+ ./Vendor/MSFT/PassportForWork/Biometrics/EnableESSwithSupportedPeripherals
+
+
+
+ int
+ text/plain
+
+ 0
+
+
+
```
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index 5bdaf460f7..9e511239d2 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 07/29/2019
---
@@ -15,7 +15,7 @@ ms.date: 07/29/2019
This topic shows the OMA DM device description framework (DDF) for the **PassportForWork** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is for Windows 10, version 1903.
@@ -658,7 +658,7 @@ If you disable or do not configure this policy setting, the PIN recovery secret
False
- Windows Hello for Business can use certificates to authenticate to on-premise resources.
+ Windows Hello for Business can use certificates to authenticate to on-premise resources.
If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN.
diff --git a/windows/client-management/mdm/personaldataencryption-csp.md b/windows/client-management/mdm/personaldataencryption-csp.md
new file mode 100644
index 0000000000..c64e9f1290
--- /dev/null
+++ b/windows/client-management/mdm/personaldataencryption-csp.md
@@ -0,0 +1,46 @@
+---
+title: PersonalDataEncryption CSP
+description: Learn how the PersonalDataEncryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices.
+ms.author: v-nsatapathy
+ms.topic: article
+ms.prod: windows-client
+ms.technology: itpro-manage
+author: nimishasatapathy
+ms.localizationpriority: medium
+ms.date: 09/12/2022
+ms.reviewer:
+manager: dansimp
+---
+
+# PersonalDataEncryption CSP
+
+The PersonalDataEncryption configuration service provider (CSP) is used by the enterprise to protect data confidentiality of PCs and devices. This CSP was added in Windows 11, version 22H2.
+
+The following shows the PersonalDataEncryption configuration service provider in tree format:
+
+```
+./User/Vendor/MSFT/PDE
+-- EnablePersonalDataEncryption
+-- Status
+-------- PersonalDataEncryptionStatus
+
+```
+
+**EnablePersonalDataEncryption**:
+- 0 is default (disabled)
+- 1 (enabled) will make Personal Data Encryption (PDE) public API available to applications for the user: [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.userdataprotectionmanager).
+
+The public API allows the applications running as the user to encrypt data as soon as this policy is enabled. However, prerequisites must be met for PDE to be enabled.
+
+**Status/PersonalDataEncryptionStatus**: Reports the current status of Personal Data Encryption (PDE) for the user. If prerequisites of PDE aren't met, then the status will be 0. If all prerequisites are met for PDE, then PDE will be enabled and status will be 1.
+
+> [!Note]
+> The policy is only applicable on Enterprise and Education SKUs.
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|No|No|
+|Business|No|No|
+|Enterprise|No|Yes|
+|Education|No|Yes|
diff --git a/windows/client-management/mdm/personaldataencryption-ddf-file.md b/windows/client-management/mdm/personaldataencryption-ddf-file.md
new file mode 100644
index 0000000000..8584167779
--- /dev/null
+++ b/windows/client-management/mdm/personaldataencryption-ddf-file.md
@@ -0,0 +1,127 @@
+---
+title: PersonalDataEncryption DDF file
+description: Learn about the OMA DM device description framework (DDF) for the PersonalDataEncryption configuration service provider.
+ms.author: v-nsatapathy
+ms.topic: article
+ms.prod: windows-client
+ms.technology: itpro-manage
+author: nimishasatapathy
+ms.localizationpriority: medium
+ms.date: 09/10/2022
+ms.reviewer:
+manager: dansimp
+---
+
+# PersonalDataEncryption DDF file
+
+This topic shows the OMA DM device description framework (DDF) for the **PersonalDataEncryption** configuration service provider.
+
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
+
+The XML below is the current version for this CSP.
+
+```xml
+
+]>
+
+ 1.2
+
+ PDE
+ ./User/Vendor/MSFT
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ EnablePersonalDataEncryption
+
+
+
+
+
+
+
+ Allows the Admin to enable Personal Data Encryption. Set to '1' to set this policy.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 0
+ Disable Personal Data Encryption.
+
+
+ 1
+ Enable Personal Data Encryption.
+
+
+
+
+
+ Status
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ PersonalDataEncryptionStatus
+
+
+
+
+ This node reports the current state of Personal Data Encryption for a user. '0' means disabled. '1' means enabled.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md
index 465ac4ecd9..ac71d90716 100644
--- a/windows/client-management/mdm/personalization-csp.md
+++ b/windows/client-management/mdm/personalization-csp.md
@@ -3,8 +3,8 @@ title: Personalization CSP
description: Use the Personalization CSP to lock screen and desktop background images, prevent users from changing the image, and use the settings in a provisioning package.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/28/2022
ms.reviewer:
@@ -29,7 +29,7 @@ The Personalization CSP can set the lock screen and desktop background images. S
This CSP was added in Windows 10, version 1703.
> [!Note]
-> Personalization CSP is supported in Windows 10 Enterprise and Education SKUs. It works in Windows 10 Pro and Windows 10 Pro in S mode if SetEduPolicies in [SharedPC CSP](sharedpc-csp.md) is set.
+> Personalization CSP is supported in Windows Enterprise and Education SKUs. It works in Windows Professional if SetEduPolicies in [SharedPC CSP](sharedpc-csp.md) is set.
The following example shows the Personalization configuration service provider in tree format.
```
@@ -40,14 +40,14 @@ Personalization
----LockScreenImageUrl
----LockScreenImageStatus
```
-**./Vendor/MSFT/Personalization**
+**./Vendor/MSFT/Personalization**
Defines the root node for the Personalization configuration service provider.
-**DesktopImageUrl**
+**DesktopImageUrl**
Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.
Value type is string. Supported operations are Add, Get, Delete, and Replace.
-**DesktopImageStatus**
+**DesktopImageStatus**
Represents the status of the desktop image. Valid values:
1 - Successfully downloaded or copied.
@@ -63,12 +63,12 @@ Personalization
> [!Note]
> This setting is only used to query status. To set the image, use the DesktopImageUrl setting.
-**LockScreenImageUrl**
+**LockScreenImageUrl**
Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.
Value type is string. Supported operations are Add, Get, Delete, and Replace.
Represents the status of the lock screen image. Valid values:
1 - Successfully downloaded or copied.
@@ -120,7 +120,7 @@ Personalization
https://www.contoso.com/lockscreenimage.JPG
-
+
```
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index 80cdb39b9b..c3ec340d14 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -3,8 +3,8 @@ title: Personalization DDF file
description: Learn how to set the OMA DM device description framework (DDF) for the Personalization configuration service provider (CSP).
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
@@ -13,9 +13,9 @@ manager: aaroncz
# Personalization DDF file
-This topic shows the OMA DM device description framework (DDF) for the **Personalization** configuration service provider.
+This topic shows the OMA DM device description framework (DDF) for the **Personalization** configuration service provider.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index e06e70792f..b683f12d06 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/08/2020
@@ -14,12 +14,6 @@ ms.date: 10/08/2020
# ADMX-backed policies in Policy CSP
-> [!div class="op_single_selector"]
->
-> - [Policies in Policy CSP supported by Group Policy](./policies-in-policy-csp-supported-by-group-policy.md)
-> - [ADMX-backed policies in Policy CSP]()
->
-
- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
- [ADMX_ActiveXInstallService/AxISURLZonePolicies](./policy-csp-admx-activexinstallservice.md#admx-activexinstallservice-axisurlzonepolicies)
- [ADMX_AddRemovePrograms/DefaultCategory](./policy-csp-admx-addremoveprograms.md#admx-addremoveprograms-defaultcategory)
@@ -1559,6 +1553,16 @@ ms.date: 10/08/2020
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
+- [DesktopAppInstaller/EnableAdditionalSources](./policy-csp-desktopappinstaller.md#desktopappinstaller-enableadditionalsources)
+- [DesktopAppInstaller/EnableAppInstaller](./policy-csp-desktopappinstaller.md#desktopappinstaller-enableappinstaller)
+- [DesktopAppInstaller/EnableLocalManifestFiles](./policy-csp-desktopappinstaller.md#desktopappinstaller-enablelocalmanifestfiles)
+- [DesktopAppInstaller/EnableHashOverride](./policy-csp-desktopappinstaller.md#desktopappinstaller-enablehashoverride)
+- [DesktopAppInstaller/EnableMicrosoftStoreSource](./policy-csp-desktopappinstaller.md#desktopappinstaller-enablemicrosoftstoresource)
+- [DesktopAppInstaller/EnableMSAppInstallerProtocol](./policy-csp-desktopappinstaller.md#desktopappinstaller-enablemsappinstallerprotocol)
+- [DesktopAppInstaller/EnableSettings](./policy-csp-desktopappinstaller.md#desktopappinstaller-enablesettings)
+- [DesktopAppInstaller/EnableAllowedSources](./policy-csp-desktopappinstaller.md#desktopappinstaller-enableallowedsources)
+- [DesktopAppInstaller/EnableExperimentalFeatures](./policy-csp-desktopappinstaller.md#desktopappinstaller-enableexperimentalfeatures)
+- [DesktopAppInstaller/SourceAutoUpdateInterval](./policy-csp-desktopappinstaller.md#desktopappinstaller-sourceautoupdateinterval)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceids)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallationpreventdevicemetadatafromnetwork)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
index 55f6a99ca0..a3a69669c7 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/18/2019
@@ -14,12 +14,6 @@ ms.date: 07/18/2019
# Policies in Policy CSP supported by Group Policy
-> [!div class="op_single_selector"]
->
-> - [Policies in Policy CSP supported by Group Policy]()
-> - [ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
->
-
- [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)
- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
- [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
index f70f86e654..5b7486628f 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/17/2019
@@ -14,13 +14,6 @@ ms.date: 09/17/2019
# Policies in Policy CSP supported by HoloLens (first gen) Commercial Suite
-> [!div class="op_single_selector"]
->
-> - [HoloLens 2](./policies-in-policy-csp-supported-by-hololens2.md)
-> - [HoloLens (1st gen) Commercial Suite]()
-> - [HoloLens (1st gen) Development Edition](./policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md)
->
-
- [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection)
- [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
- [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
index 102a2eb6bc..eebc6a88cf 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/18/2019
@@ -14,13 +14,6 @@ ms.date: 07/18/2019
# Policies in Policy CSP supported by HoloLens (first gen) Development Edition
-> [!div class="op_single_selector"]
->
-> - [HoloLens 2](./policies-in-policy-csp-supported-by-hololens2.md)
-> - [HoloLens (1st gen) Commercial Suite](./policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md)
-> - [HoloLens (1st gen) Development Edition]()
->
-
- [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection)
- [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 9d2038131f..6aa5459e4a 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 08/01/2022
@@ -14,13 +14,6 @@ ms.date: 08/01/2022
# Policies in Policy CSP supported by HoloLens 2
-> [!div class="op_single_selector"]
->
-> - [HoloLens 2]()
-> - [HoloLens (1st gen) Commercial Suite](./policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md)
-> - [HoloLens (1st gen) Development Edition](./policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md)
->
-
- [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection)
- [ApplicationManagement/AllowAllTrustedApps](policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps)
- [ApplicationManagement/AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
@@ -52,16 +45,18 @@ ms.date: 08/01/2022
- [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) 9
-- [MixedReality/AllowCaptivePortalBeforeSignIn](./policy-csp-mixedreality.md#mixedreality-allowcaptiveportalpeforesignin) Insider
+- [MixedReality/AllowCaptivePortalBeforeLogon](./policy-csp-mixedreality.md#mixedreality-allowcaptiveportalpeforelogon) Insider
- [MixedReality/AllowLaunchUriInSingleAppKiosk](./policy-csp-mixedreality.md#mixedreality-allowlaunchuriinsingleappkiosk)10
- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 11
- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) 9
- [MixedReality/ConfigureMovingPlatform](policy-csp-mixedreality.md#mixedreality-configuremovingplatform) *[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update)
+- [MixedReality/ConfigureNtpClient](./policy-csp-mixedreality.md#mixedreality-configurentpclient) Insider
- [MixedReality/DisallowNetworkConnectivityPassivePolling](./policy-csp-mixedreality.md#mixedreality-disablesisallownetworkconnectivitypassivepolling) Insider
- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) 9
- [MixedReality/HeadTrackingMode](policy-csp-mixedreality.md#mixedreality-headtrackingmode) 9
- [MixedReality/ManualDownDirectionDisabled](policy-csp-mixedreality.md#mixedreality-manualdowndirectiondisabled) *[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update)
- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) 9
+- [MixedReality/NtpClientEnabled](./policy-csp-mixedreality.md#mixedreality-ntpclientenabled) Insider
- [MixedReality/SkipCalibrationDuringSetup](./policy-csp-mixedreality.md#mixedreality-skipcalibrationduringsetup) Insider
- [MixedReality/SkipTrainingDuringSetup](./policy-csp-mixedreality.md#mixedreality-skiptrainingduringsetup) Insider
- [MixedReality/VisitorAutoLogon](policy-csp-mixedreality.md#mixedreality-visitorautologon) 10
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
index 710a6bea37..3e333af7f9 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/16/2019
@@ -14,11 +14,6 @@ ms.date: 09/16/2019
# Policies in Policy CSP supported by Windows 10 IoT Core
-> [!div class="op_single_selector"]
->
-> - [IoT Core]()
->
-
- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
- [CredentialProviders/AllowPINLogon](policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
index 128bb7099b..94bb7192fa 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/22/2020
@@ -14,7 +14,6 @@ ms.date: 07/22/2020
# Policies in Policy CSP supported by Microsoft Surface Hub
-
- [ApplicationManagement/AllowAppStoreAutoUpdate](./policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](./policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock)
- [Accounts/AllowMicrosoftAccountConnection](./policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
index 0529c08779..601ad0b197 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/18/2019
@@ -14,25 +14,25 @@ ms.date: 07/18/2019
# Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
-- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
-- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
-- [Connectivity/AllowBluetooth](policy-csp-connectivity.md#connectivity-allowbluetooth)
-- [Connectivity/AllowCellularDataRoaming](policy-csp-connectivity.md#connectivity-allowcellulardataroaming)
-- [DeviceLock/AllowSimpleDevicePassword](policy-csp-devicelock.md#devicelock-allowsimpledevicepassword)
-- [DeviceLock/AlphanumericDevicePasswordRequired](policy-csp-devicelock.md#devicelock-alphanumericdevicepasswordrequired)
-- [DeviceLock/DevicePasswordEnabled](policy-csp-devicelock.md#devicelock-devicepasswordenabled)
-- [DeviceLock/DevicePasswordExpiration](policy-csp-devicelock.md#devicelock-devicepasswordexpiration)
-- [DeviceLock/DevicePasswordHistory](policy-csp-devicelock.md#devicelock-devicepasswordhistory)
-- [DeviceLock/MaxDevicePasswordFailedAttempts](policy-csp-devicelock.md#devicelock-maxdevicepasswordfailedattempts)
-- [DeviceLock/MaxInactivityTimeDeviceLock](policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelock)
-- [DeviceLock/MinDevicePasswordComplexCharacters](policy-csp-devicelock.md#devicelock-mindevicepasswordcomplexcharacters)
-- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
-- [DeviceLock/PreventLockScreenSlideShow](policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
-- [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
-- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
-- [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
-- [System/TelemetryProxy](policy-csp-system.md#system-telemetryproxy)
-- [Wifi/AllowInternetSharing](policy-csp-wifi.md#wifi-allowinternetsharing)
+- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
+- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
+- [Connectivity/AllowBluetooth](policy-csp-connectivity.md#connectivity-allowbluetooth)
+- [Connectivity/AllowCellularDataRoaming](policy-csp-connectivity.md#connectivity-allowcellulardataroaming)
+- [DeviceLock/AllowSimpleDevicePassword](policy-csp-devicelock.md#devicelock-allowsimpledevicepassword)
+- [DeviceLock/AlphanumericDevicePasswordRequired](policy-csp-devicelock.md#devicelock-alphanumericdevicepasswordrequired)
+- [DeviceLock/DevicePasswordEnabled](policy-csp-devicelock.md#devicelock-devicepasswordenabled)
+- [DeviceLock/DevicePasswordExpiration](policy-csp-devicelock.md#devicelock-devicepasswordexpiration)
+- [DeviceLock/DevicePasswordHistory](policy-csp-devicelock.md#devicelock-devicepasswordhistory)
+- [DeviceLock/MaxDevicePasswordFailedAttempts](policy-csp-devicelock.md#devicelock-maxdevicepasswordfailedattempts)
+- [DeviceLock/MaxInactivityTimeDeviceLock](policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelock)
+- [DeviceLock/MinDevicePasswordComplexCharacters](policy-csp-devicelock.md#devicelock-mindevicepasswordcomplexcharacters)
+- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
+- [DeviceLock/PreventLockScreenSlideShow](policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
+- [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
+- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
+- [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
+- [System/TelemetryProxy](policy-csp-system.md#system-telemetryproxy)
+- [Wifi/AllowInternetSharing](policy-csp-wifi.md#wifi-allowinternetsharing)
- [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi)
## Related topics
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 3b79fcf245..e771422d71 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/18/2019
@@ -65,22 +65,22 @@ Policy
```
-**./Vendor/MSFT/Policy**
+**./Vendor/MSFT/Policy**
The root node for the Policy configuration service provider.
Supported operation is Get.
-**Policy/Config**
+**Policy/Config**
Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value) the configuration source can use the Policy/Result path to retrieve the resulting value.
Supported operation is Get.
-**Policy/Config/_AreaName_**
+**Policy/Config/_AreaName_**
The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value.
Supported operations are Add, Get, and Delete.
-**Policy/Config/_AreaName/PolicyName_**
+**Policy/Config/_AreaName/PolicyName_**
Specifies the name/value pair used in the policy.
The following list shows some tips to help you when configuring policies:
@@ -94,28 +94,28 @@ The following list shows some tips to help you when configuring policies:
- Supported operations are Add, Get, Delete, and Replace.
- Value type is string.
-**Policy/Result**
+**Policy/Result**
Groups the evaluated policies from all providers that can be configured.
Supported operation is Get.
-**Policy/Result/_AreaName_**
+**Policy/Result/_AreaName_**
The area group that can be configured by a single technology independent of the providers.
Supported operation is Get.
-**Policy/Result/_AreaName/PolicyName_**
+**Policy/Result/_AreaName/PolicyName_**
Specifies the name/value pair used in the policy.
Supported operation is Get.
-**Policy/ConfigOperations**
+**Policy/ConfigOperations**
Added in Windows 10, version 1703. The root node for grouping different configuration operations.
Supported operations are Add, Get, and Delete.
-**Policy/ConfigOperations/ADMXInstall**
-Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md).
+**Policy/ConfigOperations/ADMXInstall**
+Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](../win32-and-centennial-app-policy-configuration.md).
> [!NOTE]
> The OPAX settings that are managed by the Microsoft Office Customization Tool are not supported by MDM. For more information about this tool, see [Office Customization Tool](/previous-versions/office/office-2013-resource-kit/cc179097(v=office.15)).
@@ -124,27 +124,27 @@ ADMX files that have been installed by using **ConfigOperations/ADMXInstall** ca
Supported operations are Add, Get, and Delete.
-**Policy/ConfigOperations/ADMXInstall/_AppName_**
-Added in Windows 10, version 1703. Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file.
+**Policy/ConfigOperations/ADMXInstall/_AppName_**
+Added in Windows 10, version 1703. Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file.
Supported operations are Add, Get, and Delete.
-**Policy/ConfigOperations/ADMXInstall/_AppName_/Policy**
+**Policy/ConfigOperations/ADMXInstall/_AppName_/Policy**
Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app policy is to be imported.
Supported operations are Add, Get, and Delete.
-**Policy/ConfigOperations/ADMXInstall/_AppName_/Policy/_UniqueID_**
+**Policy/ConfigOperations/ADMXInstall/_AppName_/Policy/_UniqueID_**
Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the policy to import.
Supported operations are Add and Get. Does not support Delete.
-**Policy/ConfigOperations/ADMXInstall/_AppName_/Preference**
+**Policy/ConfigOperations/ADMXInstall/_AppName_/Preference**
Added in Windows 10, version 1703. Specifies that a Win32 or Desktop Bridge app preference is to be imported.
Supported operations are Add, Get, and Delete.
-**Policy/ConfigOperations/ADMXInstall/_AppName_/Preference/_UniqueID_**
+**Policy/ConfigOperations/ADMXInstall/_AppName_/Preference/_UniqueID_**
Added in Windows 10, version 1703. Specifies the unique ID of the app ADMX file that contains the preference to import.
Supported operations are Add and Get. Does not support Delete.
@@ -174,7 +174,7 @@ Supported operations are Add and Get. Does not support Delete.
-
+
### ActiveXControls policies
@@ -185,7 +185,7 @@ Supported operations are Add and Get. Does not support Delete.
-### ADMX_ActiveXInstallService policies
+### ADMX_ActiveXInstallService policies
@@ -279,7 +279,7 @@ Supported operations are Add and Get. Does not support Delete.
@@ -9385,11 +9511,11 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
- [ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
> [!NOTE]
-> Not all Policies in Policy CSP supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> Not all Policies in Policy CSP supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
## Policies in Policy CSP supported by HoloLens devices
-- [Policies in Policy CSP supported by HoloLens 2](./policies-in-policy-csp-supported-by-hololens2.md)
-- [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](./policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md)
+- [Policies in Policy CSP supported by HoloLens 2](./policies-in-policy-csp-supported-by-hololens2.md)
+- [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](./policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md)
- [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](./policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md)
## Policies in Policy CSP supported by Windows 10 IoT
@@ -9403,4 +9529,4 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index da3b56f932..d0febc03b7 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -4,8 +4,8 @@ description: Learn the various AboveLock Policy configuration service provider (
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/27/2019
ms.reviewer:
@@ -17,7 +17,7 @@ manager: aaroncz
-## AboveLock policies
+## AboveLock policies
@@ -33,7 +33,7 @@ manager: aaroncz
-**AboveLock/AllowCortanaAboveLock**
+**AboveLock/AllowCortanaAboveLock**
@@ -62,7 +62,7 @@ Added in Windows 10, version 1607. Specifies whether or not the user can intera
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow Cortana above lock screen*
- GP name: *AllowCortanaAboveLock*
- GP path: *Windows Components/Search*
@@ -81,7 +81,7 @@ The following list shows the supported values:
-**AboveLock/AllowToasts**
+**AboveLock/AllowToasts**
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index 9320bce051..e2ccc30eb8 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -4,8 +4,8 @@ description: Learn about the Accounts policy configuration service provider (CSP
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/27/2019
ms.reviewer:
@@ -19,7 +19,7 @@ manager: aaroncz
-## Accounts policies
+## Accounts policies
@@ -43,7 +43,7 @@ manager: aaroncz
-**Accounts/AllowAddingNonMicrosoftAccountsManually**
+**Accounts/AllowAddingNonMicrosoftAccountsManually**
@@ -88,7 +88,7 @@ The following list shows the supported values:
-**Accounts/AllowMicrosoftAccountConnection**
+**Accounts/AllowMicrosoftAccountConnection**
@@ -131,7 +131,7 @@ The following list shows the supported values:
-**Accounts/AllowMicrosoftAccountSignInAssistant**
+**Accounts/AllowMicrosoftAccountSignInAssistant**
@@ -163,7 +163,7 @@ Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "
> If the Microsoft account service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
> [!NOTE]
-> If the Microsoft account service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the Microsoft account ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app.
+> If the Microsoft account service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the Microsoft account ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app.
@@ -178,7 +178,7 @@ The following list shows the supported values:
-**Accounts/DomainNamesForEmailSync**
+**Accounts/DomainNamesForEmailSync**
@@ -216,7 +216,7 @@ The following list shows the supported values:
-**Accounts/RestrictToEnterpriseDeviceAuthenticationOnly**
+**Accounts/RestrictToEnterpriseDeviceAuthenticationOnly**
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index 572eef454e..02246616a5 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -4,8 +4,8 @@ description: Learn about various Policy configuration service provider (CSP) - A
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/27/2019
ms.reviewer:
@@ -15,17 +15,17 @@ manager: aaroncz
# Policy CSP - ActiveXControls
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ActiveXControls policies
+## ActiveXControls policies
@@ -37,7 +37,7 @@ manager: aaroncz
-**ActiveXControls/ApprovedInstallationSites**
+**ActiveXControls/ApprovedInstallationSites**
@@ -62,11 +62,11 @@ manager: aaroncz
-This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved ActiveX Install sites specified by host URL.
+This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved ActiveX Install sites specified by host URL.
-If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL.
+If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL.
-If you disable or don't configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation.
+If you disable or don't configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation.
> [!Note]
> Wild card characters can't be used when specifying the host URLs.
@@ -74,7 +74,7 @@ If you disable or don't configure this policy setting, ActiveX controls prompt t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Approved Installation Sites for ActiveX Controls*
- GP name: *ApprovedActiveXInstallSites*
- GP path: *Windows Components/ActiveX Installer Service*
diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
index 05cbc1fcee..b22227cbb1 100644
--- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
+++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_ActiveXInstallService.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
@@ -15,17 +15,17 @@ manager: aaroncz
# Policy CSP - ADMX_ActiveXInstallService
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_ActiveXInstallService policies
+## ADMX_ActiveXInstallService policies
@@ -37,7 +37,7 @@ manager: aaroncz
-**ADMX_ActiveXInstallService/AxISURLZonePolicies**
+**ADMX_ActiveXInstallService/AxISURLZonePolicies**
@@ -67,7 +67,7 @@ This policy setting controls the installation of ActiveX controls for sites in T
If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting.
-If you disable or don't configure this policy setting, ActiveX controls prompt the user before installation.
+If you disable or don't configure this policy setting, ActiveX controls prompt the user before installation.
If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If a trusted site has a certificate error but you want to trust it anyway, you can select the certificate errors that you want to ignore.
@@ -77,7 +77,7 @@ If the trusted site uses the HTTPS protocol, this policy setting can also contro
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Establish ActiveX installation policy for sites in Trusted zones*
- GP name: *AxISURLZonePolicies*
- GP path: *Windows Components\ActiveX Installer Service*
diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
index cf5b1966c0..ea465b599b 100644
--- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
+++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
@@ -3,8 +3,8 @@ title: Policy CSP - ADMX_AddRemovePrograms
description: Learn about the Policy CSP - ADMX_AddRemovePrograms.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 08/13/2020
@@ -15,17 +15,17 @@ manager: aaroncz
# Policy CSP - ADMX_AddRemovePrograms
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## Policy CSP - ADMX_AddRemovePrograms
+## Policy CSP - ADMX_AddRemovePrograms
@@ -67,7 +67,7 @@ manager: aaroncz
-**ADMX_AddRemovePrograms/DefaultCategory**
+**ADMX_AddRemovePrograms/DefaultCategory**
@@ -89,7 +89,7 @@ manager: aaroncz
-The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories.
+The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories.
To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation.
@@ -101,7 +101,7 @@ If you disable this setting or don't configure it, all programs (Category: All)
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify default category for Add New Programs*
- GP name: *DefaultCategory*
- GP path: *Control Panel/Add or Remove Programs*
@@ -122,7 +122,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoAddFromCDorFloppy**
+**ADMX_AddRemovePrograms/NoAddFromCDorFloppy**
@@ -159,7 +159,7 @@ If you disable this setting or don't configure it, the "Add a program from CD-RO
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the "Add a program from CD-ROM or floppy disk" option*
- GP name: *NoAddFromCDorFloppy*
- GP path: *Control Panel/Add or Remove Programs*
@@ -180,7 +180,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoAddFromInternet**
+**ADMX_AddRemovePrograms/NoAddFromInternet**
@@ -218,7 +218,7 @@ If you disable this setting or don't configure it, "Add programs from Microsoft"
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the "Add programs from Microsoft" option*
- GP name: *NoAddFromInternet*
- GP path: *Control Panel/Add or Remove Programs*
@@ -239,7 +239,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoAddFromNetwork**
+**ADMX_AddRemovePrograms/NoAddFromNetwork**
@@ -266,9 +266,9 @@ ADMX Info:
-This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files.
+This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files.
-If you enable this setting, users can't tell which programs have been published by the system administrator, and they can't use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu.
+If you enable this setting, users can't tell which programs have been published by the system administrator, and they can't use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu.
If you disable this setting or don't configure it, "Add programs from your network" is available to all users.
@@ -279,7 +279,7 @@ If you disable this setting or don't configure it, "Add programs from your netwo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the "Add programs from your network" option*
- GP name: *NoAddFromNetwork*
- GP path: *Control Panel/Add or Remove Programs*
@@ -299,7 +299,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoAddPage**
+**ADMX_AddRemovePrograms/NoAddPage**
@@ -334,7 +334,7 @@ If you disable this setting or don't configure it, the Add New Programs button i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Add New Programs page*
- GP name: *NoAddPage*
- GP path: *Control Panel/Add or Remove Programs*
@@ -355,7 +355,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoAddRemovePrograms**
+**ADMX_AddRemovePrograms/NoAddRemovePrograms**
@@ -382,7 +382,7 @@ ADMX Info:
-This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs.
+This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs.
If you disable this setting or don't configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting doesn't prevent users from using other tools and methods to install or uninstall programs.
@@ -390,7 +390,7 @@ If you disable this setting or don't configure it, Add or Remove Programs is ava
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Add or Remove Programs*
- GP name: *NoAddRemovePrograms*
- GP path: *Control Panel/Add or Remove Programs*
@@ -411,7 +411,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoChooseProgramsPage**
+**ADMX_AddRemovePrograms/NoChooseProgramsPage**
@@ -438,7 +438,7 @@ ADMX Info:
-This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users can't view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.
+This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users can't view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.
If you disable this setting or don't configure it, the **Set Program Access and Defaults** button is available to all users. This setting doesn't prevent users from using other tools and methods to change program access or defaults. This setting doesn't prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting.
@@ -447,7 +447,7 @@ If you disable this setting or don't configure it, the **Set Program Access and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the Set Program Access and Defaults page*
- GP name: *NoChooseProgramsPage*
- GP path: *Control Panel/Add or Remove Programs*
@@ -468,7 +468,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoRemovePage**
+**ADMX_AddRemovePrograms/NoRemovePage**
@@ -503,7 +503,7 @@ If you disable this setting or don't configure it, the Change or Remove Programs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Change or Remove Programs page*
- GP name: *NoRemovePage*
- GP path: *Control Panel/Add or Remove Programs*
@@ -524,7 +524,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoServices**
+**ADMX_AddRemovePrograms/NoServices**
@@ -562,7 +562,7 @@ If you disable this setting or don't configure it, "Set up services" appears onl
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Go directly to Components Wizard*
- GP name: *NoServices*
- GP path: *Control Panel/Add or Remove Programs*
@@ -583,7 +583,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoSupportInfo**
+**ADMX_AddRemovePrograms/NoSupportInfo**
@@ -620,7 +620,7 @@ If you disable this setting or don't configure it, the Support Info hyperlink ap
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Support Information*
- GP name: *NoSupportInfo*
- GP path: *Control Panel/Add or Remove Programs*
@@ -641,7 +641,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoWindowsSetupPage**
+**ADMX_AddRemovePrograms/NoWindowsSetupPage**
@@ -676,7 +676,7 @@ If you disable this setting or don't configure it, the Add/Remove Windows Compon
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Add/Remove Windows Components page*
- GP name: *NoWindowsSetupPage*
- GP path: *Control Panel/Add or Remove Programs*
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md
index 5dd95ce744..10d49435e9 100644
--- a/windows/client-management/mdm/policy-csp-admx-admpwd.md
+++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_AdmPwd.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
@@ -15,17 +15,17 @@ manager: aaroncz
# Policy CSP - ADMX_AdmPwd
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_AdmPwd policies
+## ADMX_AdmPwd policies
@@ -46,7 +46,7 @@ manager: aaroncz
-**ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy**
+**ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy**
@@ -78,7 +78,7 @@ When you disable or don't configure this setting, password expiration time may b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow password expiration time longer than required by policy*
- GP name: *POL_AdmPwd_DontAllowPwdExpirationBehindPolicy*
- GP path: *Windows Components\AdmPwd*
@@ -89,7 +89,7 @@ ADMX Info:
-**ADMX_AdmPwd/POL_AdmPwd_Enabled**
+**ADMX_AdmPwd/POL_AdmPwd_Enabled**
@@ -123,7 +123,7 @@ If you disable or not configure this setting, local administrator password is NO
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable local admin password management*
- GP name: *POL_AdmPwd_Enabled*
- GP path: *Windows Components\AdmPwd*
@@ -135,7 +135,7 @@ ADMX Info:
-**ADMX_AdmPwd/POL_AdmPwd_AdminName**
+**ADMX_AdmPwd/POL_AdmPwd_AdminName**
@@ -168,7 +168,7 @@ When you disable or don't configure this setting, password expiration time may b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Name of administrator account to manage*
- GP name: *POL_AdmPwd_AdminName*
- GP path: *Windows Components\AdmPwd*
@@ -181,7 +181,7 @@ ADMX Info:
-**ADMX_AdmPwd/POL_AdmPwd**
+**ADMX_AdmPwd/POL_AdmPwd**
@@ -217,7 +217,7 @@ If you disable or not configure this setting, local administrator password is NO
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Password Settings*
- GP name: *POL_AdmPwd*
- GP path: *Windows Components\AdmPwd*
diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
index ecdf4b38bf..0bb445f4ed 100644
--- a/windows/client-management/mdm/policy-csp-admx-appcompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -3,8 +3,8 @@ title: Policy CSP - ADMX_AppCompat
description: Policy CSP - ADMX_AppCompat
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 08/20/2020
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_AppCompat
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## Policy CSP - ADMX_AppCompat
+## Policy CSP - ADMX_AppCompat
@@ -69,7 +69,7 @@ manager: aaroncz
-**ADMX_AppCompat/AppCompatPrevent16BitMach**
+**ADMX_AppCompat/AppCompatPrevent16BitMach**
@@ -111,7 +111,7 @@ If the status is set to Not Configured, the OS falls back on a local policy set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent access to 16-bit applications*
- GP name: *AppCompatPrevent16BitMach*
- GP path: *Windows Components/Application Compatibility*
@@ -123,7 +123,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage**
+**ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage**
@@ -159,7 +159,7 @@ Enabling this policy setting removes the property page from the context-menus, b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Program Compatibility Property Page*
- GP name: *AppCompatRemoveProgramCompatPropPage*
- GP path: *Windows Components/Application Compatibility*
@@ -171,7 +171,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry**
+**ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry**
@@ -211,7 +211,7 @@ Disabling telemetry will take effect on any newly launched applications. To ensu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Application Telemetry*
- GP name: *AppCompatTurnOffApplicationImpactTelemetry*
- GP path: *Windows Components/Application Compatibility*
@@ -223,7 +223,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffSwitchBack**
+**ADMX_AppCompat/AppCompatTurnOffSwitchBack**
@@ -264,7 +264,7 @@ Reboot the system after changing the setting to ensure that your system accurate
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off SwitchBack Compatibility Engine*
- GP name: *AppCompatTurnOffSwitchBack*
- GP path: *Windows Components/Application Compatibility*
@@ -276,7 +276,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffEngine**
+**ADMX_AppCompat/AppCompatTurnOffEngine**
|Edition|Windows 10|Windows 11|
@@ -318,7 +318,7 @@ This option is useful to server administrators who require faster performance an
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Application Compatibility Engine*
- GP name: *AppCompatTurnOffEngine*
- GP path: *Windows Components/Application Compatibility*
@@ -330,7 +330,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1**
+**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1**
@@ -362,7 +362,7 @@ This policy setting exists only for backward compatibility, and isn't valid for
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Program Compatibility Assistant*
- GP name: *AppCompatTurnOffProgramCompatibilityAssistant_1*
- GP path: *Windows Components/Application Compatibility*
@@ -374,7 +374,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2**
+**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2**
@@ -404,7 +404,7 @@ This policy setting controls the state of the Program Compatibility Assistant (P
If you enable this policy setting, the PCA will be turned off. The user won't be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues.
-If you disable or don't configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
+If you disable or don't configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
> [!NOTE]
> The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console.
@@ -413,7 +413,7 @@ If you disable or don't configure this policy setting, the PCA will be turned on
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Program Compatibility Assistant*
- GP name: *AppCompatTurnOffProgramCompatibilityAssistant_2*
- GP path: *Windows Components/Application Compatibility*
@@ -425,7 +425,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffUserActionRecord**
+**ADMX_AppCompat/AppCompatTurnOffUserActionRecord**
@@ -463,7 +463,7 @@ If you disable or don't configure this policy setting, Steps Recorder will be en
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Steps Recorder*
- GP name: *AppCompatTurnOffUserActionRecord*
- GP path: *Windows Components/Application Compatibility*
@@ -475,7 +475,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffProgramInventory**
+**ADMX_AppCompat/AppCompatTurnOffProgramInventory**
@@ -501,7 +501,7 @@ ADMX Info:
-This policy setting controls the state of the Inventory Collector.
+This policy setting controls the state of the Inventory Collector.
The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.
@@ -516,7 +516,7 @@ If you disable or don't configure this policy setting, the Inventory Collector w
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Inventory Collector*
- GP name: *AppCompatTurnOffProgramInventory*
- GP path: *Windows Components/Application Compatibility*
diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
index 3e30dc883a..5659355a4b 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_AppxPackageManager.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/10/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_AppxPackageManager
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_AppxPackageManager policies
+## ADMX_AppxPackageManager policies
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_AppxPackageManager/AllowDeploymentInSpecialProfiles**
+**ADMX_AppxPackageManager/AllowDeploymentInSpecialProfiles**
@@ -62,9 +62,9 @@ manager: aaroncz
-This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile.
+This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile.
-Special profiles are the following user profiles where changes are discarded after the user signs off:
+Special profiles are the following user profiles where changes are discarded after the user signs off:
- Roaming user profiles to which the "Delete cached copies of roaming profiles" Group Policy setting applies.
- Mandatory user profiles and super-mandatory profiles, which are created by an administrator.
@@ -79,7 +79,7 @@ If you disable or don't configure this policy setting, Group Policy blocks deplo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow deployment operations in special profiles*
- GP name: *AllowDeploymentInSpecialProfiles*
- GP path: *Windows Components\App Package Deployment*
diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
index 786dc5626b..e021af18bf 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_AppXRuntime.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/10/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_AppXRuntime
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_AppXRuntime policies
+## ADMX_AppXRuntime policies
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_AppXRuntime/AppxRuntimeApplicationContentUriRules**
+**ADMX_AppXRuntime/AppxRuntimeApplicationContentUriRules**
@@ -81,7 +81,7 @@ If you disable or don't set this policy setting, Windows Store apps will only us
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on dynamic Content URI Rules for Windows store apps*
- GP name: *AppxRuntimeApplicationContentUriRules*
- GP path: *Windows Components\App runtime*
@@ -92,7 +92,7 @@ ADMX Info:
-**ADMX_AppXRuntime/AppxRuntimeBlockFileElevation**
+**ADMX_AppXRuntime/AppxRuntimeBlockFileElevation**
@@ -128,7 +128,7 @@ If you disable or don't configure this policy setting, Windows Store apps can op
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Block launching desktop apps associated with a file.*
- GP name: *AppxRuntimeBlockFileElevation*
- GP path: *Windows Components\App runtime*
@@ -139,7 +139,7 @@ ADMX Info:
-**ADMX_AppXRuntime/AppxRuntimeBlockHostedAppAccessWinRT**
+**ADMX_AppXRuntime/AppxRuntimeBlockHostedAppAccessWinRT**
@@ -177,7 +177,7 @@ If you disable or don't configure this policy setting, all Universal Windows app
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Block launching Universal Windows apps with Windows Runtime API access from hosted content.*
- GP name: *AppxRuntimeBlockHostedAppAccessWinRT*
- GP path: *Windows Components\App runtime*
@@ -188,7 +188,7 @@ ADMX Info:
-**ADMX_AppXRuntime/AppxRuntimeBlockProtocolElevation**
+**ADMX_AppXRuntime/AppxRuntimeBlockProtocolElevation**
@@ -215,7 +215,7 @@ ADMX Info:
-This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there's a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app.
+This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there's a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app.
If you enable this policy setting, Windows Store apps can't open URIs in the default desktop app for a URI scheme; they can open URIs only in other Windows Store apps.
@@ -227,7 +227,7 @@ If you disable or don't configure this policy setting, Windows Store apps can op
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Block launching desktop apps associated with a URI scheme*
- GP name: *AppxRuntimeBlockProtocolElevation*
- GP path: *Windows Components\App runtime*
diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
index 0b7733a5a2..f495e736eb 100644
--- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_AttachmentManager.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/10/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_AttachmentManager
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_AttachmentManager policies
+## ADMX_AttachmentManager policies
@@ -48,7 +48,7 @@ manager: aaroncz
-**ADMX_AttachmentManager/AM_EstimateFileHandlerRisk**
+**ADMX_AttachmentManager/AM_EstimateFileHandlerRisk**
@@ -89,7 +89,7 @@ If you don't configure this policy setting, Windows uses its default trust logic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Trust logic for file attachments*
- GP name: *AM_EstimateFileHandlerRisk*
- GP path: *Windows Components\Attachment Manager*
@@ -100,7 +100,7 @@ ADMX Info:
-**ADMX_AttachmentManager/AM_SetFileRiskLevel**
+**ADMX_AttachmentManager/AM_SetFileRiskLevel**
@@ -141,7 +141,7 @@ If you don't configure this policy setting, Windows sets the default risk level
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Default risk level for file attachments*
- GP name: *AM_SetFileRiskLevel*
- GP path: *Windows Components\Attachment Manager*
@@ -152,7 +152,7 @@ ADMX Info:
-**ADMX_AttachmentManager/AM_SetHighRiskInclusion**
+**ADMX_AttachmentManager/AM_SetHighRiskInclusion**
@@ -189,7 +189,7 @@ If you don't configure this policy setting, Windows uses its built-in list of hi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Inclusion list for high risk file types*
- GP name: *AM_SetHighRiskInclusion*
- GP path: *Windows Components\Attachment Manager*
@@ -200,7 +200,7 @@ ADMX Info:
-**ADMX_AttachmentManager/AM_SetLowRiskInclusion**
+**ADMX_AttachmentManager/AM_SetLowRiskInclusion**
@@ -237,7 +237,7 @@ If you don't configure this policy setting, Windows uses its default trust logic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Inclusion list for low file types*
- GP name: *AM_SetLowRiskInclusion*
- GP path: *Windows Components\Attachment Manager*
@@ -248,7 +248,7 @@ ADMX Info:
-**ADMX_AttachmentManager/AM_SetModRiskInclusion**
+**ADMX_AttachmentManager/AM_SetModRiskInclusion**
@@ -285,7 +285,7 @@ If you don't configure this policy setting, Windows uses its default trust logic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Inclusion list for moderate risk file types*
- GP name: *AM_SetModRiskInclusion*
- GP path: *Windows Components\Attachment Manager*
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
index d3fbdfca47..ba2080b6b3 100644
--- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_AuditSettings.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_AuditSettings.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_AuditSettings policies
+## ADMX_AuditSettings policies
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_AuditSettings/IncludeCmdLine**
+**ADMX_AuditSettings/IncludeCmdLine**
@@ -76,7 +76,7 @@ Default is Not configured.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Include command line in process creation events*
- GP name: *IncludeCmdLine*
- GP path: *System/Audit Process Creation*
diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md
index 52c73b763f..d60708eecf 100644
--- a/windows/client-management/mdm/policy-csp-admx-bits.md
+++ b/windows/client-management/mdm/policy-csp-admx-bits.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_Bits.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 10/20/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_Bits
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Bits policies
+## ADMX_Bits policies
@@ -75,7 +75,7 @@ manager: aaroncz
-**ADMX_Bits/BITS_DisableBranchCache**
+**ADMX_Bits/BITS_DisableBranchCache**
@@ -109,11 +109,11 @@ If you disable or don't configure this policy setting, the BITS client uses Wind
> [!NOTE]
> This policy setting doesn't affect the use of Windows Branch Cache by applications other than BITS. This policy setting doesn't apply to BITS transfers over SMB. This setting has no effect if the computer's administrative settings for Windows Branch Cache disable its use entirely.
-
+
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow the BITS client to use Windows Branch Cache*
- GP name: *BITS_DisableBranchCache*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -124,7 +124,7 @@ ADMX Info:
-**ADMX_Bits/BITS_DisablePeercachingClient**
+**ADMX_Bits/BITS_DisablePeercachingClient**
@@ -163,7 +163,7 @@ If you disable or don't configure this policy setting, the computer attempts to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow the computer to act as a BITS Peercaching client*
- GP name: *BITS_DisablePeercachingClient*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -174,7 +174,7 @@ ADMX Info:
-**ADMX_Bits/BITS_DisablePeercachingServer**
+**ADMX_Bits/BITS_DisablePeercachingServer**
@@ -213,7 +213,7 @@ If you disable or don't configure this policy setting, the computer will offer d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow the computer to act as a BITS Peercaching server*
- GP name: *BITS_DisablePeercachingServer*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -225,7 +225,7 @@ ADMX Info:
-**ADMX_Bits/BITS_EnablePeercaching**
+**ADMX_Bits/BITS_EnablePeercaching**
@@ -263,7 +263,7 @@ If you disable or don't configure this policy setting, the BITS peer caching fea
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow BITS Peercaching*
- GP name: *BITS_EnablePeercaching*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -275,7 +275,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxBandwidthServedForPeers**
+**ADMX_Bits/BITS_MaxBandwidthServedForPeers**
@@ -311,13 +311,13 @@ If you enable this policy setting, you can enter a value in bits per second (bps
If you disable this policy setting or don't configure it, the default value of 30 percent of the slowest active network interface will be used.
-> [!NOTE]
+> [!NOTE]
> This setting has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the maximum network bandwidth used for Peercaching*
- GP name: *BITS_MaxBandwidthServedForPeers*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -328,7 +328,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxBandwidthV2_Maintenance**
+**ADMX_Bits/BITS_MaxBandwidthV2_Maintenance**
@@ -368,7 +368,7 @@ If you disable or don't configure this policy setting, the limits defined for wo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers*
- GP name: *BITS_MaxBandwidthV2_Maintenance*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -380,7 +380,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxBandwidthV2_Work**
+**ADMX_Bits/BITS_MaxBandwidthV2_Work**
@@ -417,7 +417,7 @@ If you disable or don't configure this policy setting, BITS uses all available u
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers*
- GP name: *BITS_MaxBandwidthV2_Work*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -429,7 +429,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxCacheSize**
+**ADMX_Bits/BITS_MaxCacheSize**
@@ -467,7 +467,7 @@ If you disable or don't configure this policy setting, the default size of the B
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the BITS Peercache size*
- GP name: *BITS_MaxCacheSize*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -478,7 +478,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxContentAge**
+**ADMX_Bits/BITS_MaxContentAge**
@@ -516,7 +516,7 @@ If you disable or don't configure this policy setting, files that haven't been a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the age of files in the BITS Peercache*
- GP name: *BITS_MaxContentAge*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -527,7 +527,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxDownloadTime**
+**ADMX_Bits/BITS_MaxDownloadTime**
@@ -567,7 +567,7 @@ If you disable or don't configure this policy setting, the default value of 90 d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the maximum BITS job download time*
- GP name: *BITS_MaxDownloadTime*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -578,7 +578,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxFilesPerJob**
+**ADMX_Bits/BITS_MaxFilesPerJob**
@@ -617,7 +617,7 @@ If you disable or don't configure this policy setting, BITS will use the default
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the maximum number of files allowed in a BITS job*
- GP name: *BITS_MaxFilesPerJob*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -628,7 +628,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxJobsPerMachine**
+**ADMX_Bits/BITS_MaxJobsPerMachine**
@@ -667,7 +667,7 @@ If you disable or don't configure this policy setting, BITS will use the default
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the maximum number of BITS jobs for this computer*
- GP name: *BITS_MaxJobsPerMachine*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -678,7 +678,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxJobsPerUser**
+**ADMX_Bits/BITS_MaxJobsPerUser**
@@ -717,7 +717,7 @@ If you disable or don't configure this policy setting, BITS will use the default
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the maximum number of BITS jobs for each user*
- GP name: *BITS_MaxJobsPerUser*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -728,7 +728,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxRangesPerFile**
+**ADMX_Bits/BITS_MaxRangesPerFile**
@@ -767,7 +767,7 @@ If you disable or don't configure this policy setting, BITS will limit ranges to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the maximum number of ranges that can be added to the file in a BITS job*
- GP name: *BITS_MaxRangesPerFile*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index 86f2b2d508..8b03be11b7 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_CipherSuiteOrder.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/17/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_CipherSuiteOrder
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_CipherSuiteOrder policies
+## ADMX_CipherSuiteOrder policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_CipherSuiteOrder/SSLCipherSuiteOrder**
+**ADMX_CipherSuiteOrder/SSLCipherSuiteOrder**
@@ -77,7 +77,7 @@ For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Sc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *SSL Cipher Suite Order*
- GP name: *SSLCipherSuiteOrder*
- GP path: *Network/SSL Configuration Settings*
@@ -90,7 +90,7 @@ ADMX Info:
-**ADMX_CipherSuiteOrder/SSLCurveOrder**
+**ADMX_CipherSuiteOrder/SSLCurveOrder**
@@ -137,7 +137,7 @@ CertUtil.exe -DisplayEccCurve
-ADMX Info:
+ADMX Info:
- GP Friendly name: *ECC Curve Order*
- GP name: *SSLCurveOrder*
- GP path: *Network/SSL Configuration Settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
index 8426131fb5..e98e447d36 100644
--- a/windows/client-management/mdm/policy-csp-admx-com.md
+++ b/windows/client-management/mdm/policy-csp-admx-com.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_COM.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/18/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_COM
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_COM policies
+## ADMX_COM policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_COM/AppMgmt_COM_SearchForCLSID_1**
+**ADMX_COM/AppMgmt_COM_SearchForCLSID_1**
@@ -79,7 +79,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Download missing COM components*
- GP name: *AppMgmt_COM_SearchForCLSID_1*
- GP path: *System*
@@ -92,7 +92,7 @@ ADMX Info:
-**ADMX_COM/AppMgmt_COM_SearchForCLSID_2**
+**ADMX_COM/AppMgmt_COM_SearchForCLSID_2**
@@ -131,7 +131,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Download missing COM components*
- GP name: *AppMgmt_COM_SearchForCLSID_2*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
index 55e7b8a33f..859b2de089 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_ControlPanel.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/05/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_ControlPanel
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_ControlPanel policies
+## ADMX_ControlPanel policies
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_ControlPanel/DisallowCpls**
+**ADMX_ControlPanel/DisallowCpls**
@@ -83,7 +83,7 @@ To hide a Control Panel item, enable this policy setting and click Show to acces
If both the "Hide specified Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Show only specified Control Panel items" setting is ignored.
> [!NOTE]
-> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead.
+> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead.
>
>To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration.
@@ -91,7 +91,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide specified Control Panel items*
- GP name: *DisallowCpls*
- GP path: *Control Panel*
@@ -102,7 +102,7 @@ ADMX Info:
-**ADMX_ControlPanel/ForceClassicControlPanel**
+**ADMX_ControlPanel/ForceClassicControlPanel**
@@ -128,7 +128,7 @@ ADMX Info:
-This policy setting controls the default Control Panel view, whether by category or icons.
+This policy setting controls the default Control Panel view, whether by category or icons.
If this policy setting is enabled, the Control Panel opens to the icon view.
@@ -143,7 +143,7 @@ If this policy setting isn't configured, the Control Panel opens to the view use
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always open All Control Panel Items when opening Control Panel*
- GP name: *ForceClassicControlPanel*
- GP path: *Control Panel*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_ControlPanel/NoControlPanel**
+**ADMX_ControlPanel/NoControlPanel**
@@ -202,7 +202,7 @@ If users try to select a Control Panel item from the Properties item on a contex
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to Control Panel and PC settings*
- GP name: *NoControlPanel*
- GP path: *Control Panel*
@@ -213,7 +213,7 @@ ADMX Info:
-**ADMX_ControlPanel/RestrictCpls**
+**ADMX_ControlPanel/RestrictCpls**
@@ -256,7 +256,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show only specified Control Panel items*
- GP name: *RestrictCpls*
- GP path: *Control Panel*
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
index 637df89faf..059b11b086 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_ControlPanelDisplay.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/05/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_ControlPanelDisplay
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_ControlPanelDisplay policies
+## ADMX_ControlPanelDisplay policies
@@ -105,7 +105,7 @@ manager: aaroncz
-**ADMX_ControlPanelDisplay/CPL_Display_Disable**
+**ADMX_ControlPanelDisplay/CPL_Display_Disable**
@@ -141,7 +141,7 @@ Also, see the "Prohibit access to the Control Panel" (User Configuration\Adminis
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable the Display Control Panel*
- GP name: *CPL_Display_Disable*
- GP path: *Control Panel\Display*
@@ -152,7 +152,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Display_HideSettings**
+**ADMX_ControlPanelDisplay/CPL_Display_HideSettings**
@@ -186,7 +186,7 @@ This setting prevents users from using Control Panel to add, configure, or chang
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Settings tab*
- GP name: *CPL_Display_HideSettings*
- GP path: *Control Panel\Display*
@@ -197,7 +197,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_DisableColorSchemeChoice**
+**ADMX_ControlPanelDisplay/CPL_Personalization_DisableColorSchemeChoice**
@@ -234,7 +234,7 @@ For Windows 7 and later, use the "Prevent changing color and appearance" setting
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing color scheme*
- GP name: *CPL_Personalization_DisableColorSchemeChoice*
- GP path: *Control Panel\Personalization*
@@ -245,7 +245,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_DisableThemeChange**
+**ADMX_ControlPanelDisplay/CPL_Personalization_DisableThemeChange**
@@ -283,7 +283,7 @@ If you disable or don't configure this setting, there's no effect.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing theme*
- GP name: *CPL_Personalization_DisableThemeChange*
- GP path: *Control Panel\Personalization*
@@ -294,7 +294,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_DisableVisualStyle**
+**ADMX_ControlPanelDisplay/CPL_Personalization_DisableVisualStyle**
@@ -329,7 +329,7 @@ When enabled on Windows XP and later systems, this setting prevents users and ap
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing visual style for windows and buttons*
- GP name: *CPL_Personalization_DisableVisualStyle*
- GP path: *Control Panel\Personalization*
@@ -340,7 +340,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_EnableScreenSaver**
+**ADMX_ControlPanelDisplay/CPL_Personalization_EnableScreenSaver**
@@ -379,7 +379,7 @@ Also, see the "Prevent changing Screen Saver" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable screen saver*
- GP name: *CPL_Personalization_EnableScreenSaver*
- GP path: *Control Panel\Personalization*
@@ -390,7 +390,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_ForceDefaultLockScreen**
+**ADMX_ControlPanelDisplay/CPL_Personalization_ForceDefaultLockScreen**
@@ -431,7 +431,7 @@ This setting can be used in conjunction with the "Prevent changing lock screen a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force a specific default lock screen and logon image*
- GP name: *CPL_Personalization_ForceDefaultLockScreen*
- GP path: *Control Panel\Personalization*
@@ -442,7 +442,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_LockFontSize**
+**ADMX_ControlPanelDisplay/CPL_Personalization_LockFontSize**
@@ -470,14 +470,14 @@ ADMX Info:
This setting prevents users from changing the size of the font in the windows and buttons displayed on their screens.
-If this setting is enabled, the "Font size" drop-down list on the Appearance tab in Display Properties is disabled.
+If this setting is enabled, the "Font size" drop-down list on the Appearance tab in Display Properties is disabled.
If you disable or don't configure this setting, a user may change the font size using the "Font size" drop-down list on the Appearance tab.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit selection of visual style font size*
- GP name: *CPL_Personalization_LockFontSize*
- GP path: *Control Panel\Personalization*
@@ -488,7 +488,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingLockScreen**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingLockScreen**
@@ -523,7 +523,7 @@ If you enable this setting, the user won't be able to change their lock screen a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing lock screen and logon image*
- GP name: *CPL_Personalization_NoChangingLockScreen*
- GP path: *Control Panel\Personalization*
@@ -534,7 +534,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingStartMenuBackground**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingStartMenuBackground**
@@ -573,7 +573,7 @@ If the "Force a specific Start background" policy is also set on a supported ver
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing start menu background*
- GP name: *CPL_Personalization_NoChangingStartMenuBackground*
- GP path: *Control Panel\Personalization*
@@ -584,7 +584,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoColorAppearanceUI**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoColorAppearanceUI**
@@ -621,7 +621,7 @@ For systems prior to Windows Vista, this setting hides the Appearance and Themes
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing color and appearance*
- GP name: *CPL_Personalization_NoColorAppearanceUI*
- GP path: *Control Panel\Personalization*
@@ -632,7 +632,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopBackgroundUI**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopBackgroundUI**
@@ -674,7 +674,7 @@ Also, see the "Allow only bitmapped wallpaper" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing desktop background*
- GP name: *CPL_Personalization_NoDesktopBackgroundUI*
- GP path: *Control Panel\Personalization*
@@ -685,7 +685,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopIconsUI**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopIconsUI**
@@ -722,7 +722,7 @@ For systems prior to Windows Vista, this setting also hides the Desktop tab in t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing desktop icons*
- GP name: *CPL_Personalization_NoDesktopIconsUI*
- GP path: *Control Panel\Personalization*
@@ -733,7 +733,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoLockScreen**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoLockScreen**
@@ -768,7 +768,7 @@ If you disable or don't configure this policy setting, users that aren't require
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display the lock screen*
- GP name: *CPL_Personalization_NoLockScreen*
- GP path: *Control Panel\Personalization*
@@ -779,7 +779,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoMousePointersUI**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoMousePointersUI**
@@ -814,7 +814,7 @@ If you enable this setting, none of the mouse pointer scheme settings can be cha
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing mouse pointers*
- GP name: *CPL_Personalization_NoMousePointersUI*
- GP path: *Control Panel\Personalization*
@@ -825,7 +825,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoScreenSaverUI**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoScreenSaverUI**
@@ -858,7 +858,7 @@ This setting also prevents users from using Control Panel to add, configure, or
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing screen saver*
- GP name: *CPL_Personalization_NoScreenSaverUI*
- GP path: *Control Panel\Personalization*
@@ -869,7 +869,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoSoundSchemeUI**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoSoundSchemeUI**
@@ -904,7 +904,7 @@ If you enable this setting, none of the Sound Scheme settings can be changed by
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing sounds*
- GP name: *CPL_Personalization_NoSoundSchemeUI*
- GP path: *Control Panel\Personalization*
@@ -915,7 +915,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_PersonalColors**
+**ADMX_ControlPanelDisplay/CPL_Personalization_PersonalColors**
@@ -950,7 +950,7 @@ If this setting is enabled, the background and accent colors of Windows will be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force a specific background and accent color*
- GP name: *CPL_Personalization_PersonalColors*
- GP path: *Control Panel\Personalization*
@@ -961,7 +961,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverIsSecure**
+**ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverIsSecure**
@@ -1003,7 +1003,7 @@ To ensure that a computer will be password protected, enable the "Enable Screen
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Password protect the screen saver*
- GP name: *CPL_Personalization_ScreenSaverIsSecure*
- GP path: *Control Panel\Personalization*
@@ -1014,7 +1014,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverTimeOut**
+**ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverTimeOut**
@@ -1057,7 +1057,7 @@ When not configured, whatever wait time is set on the client through the Screen
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Screen saver timeout*
- GP name: *CPL_Personalization_ScreenSaverTimeOut*
- GP path: *Control Panel\Personalization*
@@ -1068,7 +1068,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_SetScreenSaver**
+**ADMX_ControlPanelDisplay/CPL_Personalization_SetScreenSaver**
@@ -1110,7 +1110,7 @@ If the specified screen saver isn't installed on a computer to which this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force specific screen saver*
- GP name: *CPL_Personalization_SetScreenSaver*
- GP path: *Control Panel\Personalization*
@@ -1121,7 +1121,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_SetTheme**
+**ADMX_ControlPanelDisplay/CPL_Personalization_SetTheme**
@@ -1156,7 +1156,7 @@ If you disable or don't configure this setting, the default theme will be applie
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Load a specific theme*
- GP name: *CPL_Personalization_SetTheme*
- GP path: *Control Panel\Personalization*
@@ -1167,7 +1167,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_SetVisualStyle**
+**ADMX_ControlPanelDisplay/CPL_Personalization_SetVisualStyle**
@@ -1211,7 +1211,7 @@ If you disable or don't configure this setting, the users can select the visual
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force a specific visual style file or force Windows Classic*
- GP name: *CPL_Personalization_SetVisualStyle*
- GP path: *Control Panel\Personalization*
@@ -1222,7 +1222,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_StartBackground**
+**ADMX_ControlPanelDisplay/CPL_Personalization_StartBackground**
@@ -1257,7 +1257,7 @@ If this setting is set to a nonzero value, then Start uses the specified backgro
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force a specific Start background*
- GP name: *CPL_Personalization_StartBackground*
- GP path: *Control Panel\Personalization*
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md
index b7c40099e2..481b2ebb18 100644
--- a/windows/client-management/mdm/policy-csp-admx-cpls.md
+++ b/windows/client-management/mdm/policy-csp-admx-cpls.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_Cpls.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/26/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_Cpls
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Cpls policies
+## ADMX_Cpls policies
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_Cpls/UseDefaultTile**
+**ADMX_Cpls/UseDefaultTile**
@@ -64,7 +64,7 @@ manager: aaroncz
This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
-> [!NOTE]
+> [!NOTE]
> The default account picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg.` The default guest picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg.` If the default pictures do not exist, an empty frame is displayed.
If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed.
@@ -75,7 +75,7 @@ If you disable or do not configure this policy setting, users will be able to cu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Apply the default account picture to all users*
- GP name: *UseDefaultTile*
- GP path: *Control Panel/User Accounts*
diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
index b72ed7c028..ab23b0a57d 100644
--- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_CredentialProviders.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/11/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_CredentialProviders
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_CredentialProviders policies
+## ADMX_CredentialProviders policies
@@ -42,7 +42,7 @@ manager: aaroncz
-**ADMX_CredentialProviders/AllowDomainDelayLock**
+**ADMX_CredentialProviders/AllowDomainDelayLock**
@@ -83,7 +83,7 @@ If you don't configure this policy setting on a workgroup device, a user on a Co
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow users to select when a password is required when resuming from connected standby*
- GP name: *AllowDomainDelayLock*
- GP path: *System\Logon*
@@ -94,7 +94,7 @@ ADMX Info:
-**ADMX_CredentialProviders/DefaultCredentialProvider**
+**ADMX_CredentialProviders/DefaultCredentialProvider**
@@ -132,7 +132,7 @@ If you disable or don't configure this policy setting, the system picks the defa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Assign a default credential provider*
- GP name: *DefaultCredentialProvider*
- GP path: *System\Logon*
@@ -144,7 +144,7 @@ ADMX Info:
-**ADMX_CredentialProviders/ExcludedCredentialProviders**
+**ADMX_CredentialProviders/ExcludedCredentialProviders**
@@ -170,7 +170,7 @@ ADMX Info:
-This policy setting allows the administrator to exclude the specified credential providers from use during authentication.
+This policy setting allows the administrator to exclude the specified credential providers from use during authentication.
> [!NOTE]
> Credential providers are used to process and validate user credentials during logon or when authentication is required. Windows Vista provides two default credential providers: Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to support biometric authentication).
@@ -182,7 +182,7 @@ If you disable or do not configure this policy, all installed and otherwise enab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Exclude credential providers*
- GP name: *ExcludedCredentialProviders*
- GP path: *System\Logon*
diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md
index fb4a63852b..eb460250a1 100644
--- a/windows/client-management/mdm/policy-csp-admx-credssp.md
+++ b/windows/client-management/mdm/policy-csp-admx-credssp.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_CredSsp.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/12/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_CredSsp
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_CredSsp policies
+## ADMX_CredSsp policies
@@ -66,7 +66,7 @@ manager: aaroncz
-**ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly**
+**ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly**
@@ -113,7 +113,7 @@ If you disable or don't configure (by default) this policy setting, delegation o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow delegating default credentials with NTLM-only server authentication*
- GP name: *AllowDefCredentialsWhenNTLMOnly*
- GP path: *System\Credentials Delegation*
@@ -124,7 +124,7 @@ ADMX Info:
-**ADMX_CredSsp/AllowDefaultCredentials**
+**ADMX_CredSsp/AllowDefaultCredentials**
@@ -175,7 +175,7 @@ https://go.microsoft.com/fwlink/?LinkId=301508
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow delegating default credentials*
- GP name: *AllowDefaultCredentials*
- GP path: *System\Credentials Delegation*
@@ -186,7 +186,7 @@ ADMX Info:
-**ADMX_CredSsp/AllowEncryptionOracle**
+**ADMX_CredSsp/AllowEncryptionOracle**
@@ -218,7 +218,7 @@ Some versions of the CredSSP protocol are vulnerable to an encryption oracle att
If you enable this policy setting, CredSSP version support will be selected based on the following options:
-- Force Updated Clients: Client applications that use CredSSP won't be able to fall back to the insecure versions and services using CredSSP won't accept unpatched clients.
+- Force Updated Clients: Client applications that use CredSSP won't be able to fall back to the insecure versions and services using CredSSP won't accept unpatched clients.
> [!NOTE]
> This setting should not be deployed until all remote hosts support the newest version.
@@ -232,7 +232,7 @@ For more information about the vulnerability and servicing requirements for prot
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Encryption Oracle Remediation*
- GP name: *AllowEncryptionOracle*
- GP path: *System\Credentials Delegation*
@@ -243,7 +243,7 @@ ADMX Info:
-**ADMX_CredSsp/AllowFreshCredentials**
+**ADMX_CredSsp/AllowFreshCredentials**
@@ -291,7 +291,7 @@ If you disable this policy setting, delegation of fresh credentials isn't permit
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow delegating fresh credentials*
- GP name: *AllowFreshCredentials*
- GP path: *System\Credentials Delegation*
@@ -302,7 +302,7 @@ ADMX Info:
-**ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly**
+**ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly**
@@ -350,7 +350,7 @@ If you disable this policy setting, delegation of fresh credentials isn't permit
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow delegating fresh credentials with NTLM-only server authentication*
- GP name: *AllowFreshCredentialsWhenNTLMOnly*
- GP path: *System\Credentials Delegation*
@@ -361,7 +361,7 @@ ADMX Info:
-**ADMX_CredSsp/AllowSavedCredentials**
+**ADMX_CredSsp/AllowSavedCredentials**
@@ -409,7 +409,7 @@ If you disable this policy setting, delegation of saved credentials isn't permit
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow delegating saved credentials*
- GP name: *AllowSavedCredentials*
- GP path: *System\Credentials Delegation*
@@ -420,7 +420,7 @@ ADMX Info:
-**ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly**
+**ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly**
@@ -468,7 +468,7 @@ If you disable this policy setting, delegation of saved credentials isn't permit
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow delegating saved credentials with NTLM-only server authentication*
- GP name: *AllowSavedCredentialsWhenNTLMOnly*
- GP path: *System\Credentials Delegation*
@@ -479,7 +479,7 @@ ADMX Info:
-**ADMX_CredSsp/DenyDefaultCredentials**
+**ADMX_CredSsp/DenyDefaultCredentials**
@@ -525,7 +525,7 @@ This policy setting can be used in combination with the "Allow delegating defaul
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Deny delegating default credentials*
- GP name: *DenyDefaultCredentials*
- GP path: *System\Credentials Delegation*
@@ -536,7 +536,7 @@ ADMX Info:
-**ADMX_CredSsp/DenyFreshCredentials**
+**ADMX_CredSsp/DenyFreshCredentials**
@@ -582,7 +582,7 @@ This policy setting can be used in combination with the "Allow delegating fresh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Deny delegating fresh credentials*
- GP name: *DenyFreshCredentials*
- GP path: *System\Credentials Delegation*
@@ -593,7 +593,7 @@ ADMX Info:
-**ADMX_CredSsp/DenySavedCredentials**
+**ADMX_CredSsp/DenySavedCredentials**
@@ -639,7 +639,7 @@ This policy setting can be used in combination with the "Allow delegating saved
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Deny delegating saved credentials*
- GP name: *DenySavedCredentials*
- GP path: *System\Credentials Delegation*
@@ -650,7 +650,7 @@ ADMX Info:
-**ADMX_CredSsp/RestrictedRemoteAdministration**
+**ADMX_CredSsp/RestrictedRemoteAdministration**
@@ -697,7 +697,7 @@ If you disable or don't configure this policy setting, Restricted Admin and Remo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict delegation of credentials to remote servers*
- GP name: *RestrictedRemoteAdministration*
- GP path: *System\Credentials Delegation*
diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md
index 68623bfc04..9aba18f299 100644
--- a/windows/client-management/mdm/policy-csp-admx-credui.md
+++ b/windows/client-management/mdm/policy-csp-admx-credui.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_CredUI.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_CredUI
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_CredUI policies
+## ADMX_CredUI policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_CredUI/EnableSecureCredentialPrompting**
+**ADMX_CredUI/EnableSecureCredentialPrompting**
@@ -77,7 +77,7 @@ If you disable or don't configure this policy setting, users will enter Windows
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Require trusted path for credential entry*
- GP name: *EnableSecureCredentialPrompting*
- GP path: *Windows Components\Credential User Interface*
@@ -88,7 +88,7 @@ ADMX Info:
-**ADMX_CredUI/NoLocalPasswordResetQuestions**
+**ADMX_CredUI/NoLocalPasswordResetQuestions**
@@ -120,7 +120,7 @@ Available in the latest Windows 10 Insider Preview Build. If you turn on this po
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent the use of security questions for local accounts*
- GP name: *NoLocalPasswordResetQuestions*
- GP path: *Windows Components\Credential User Interface*
diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
index 0d6a23d272..80a8a8f0fd 100644
--- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
+++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_CtrlAltDel.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/26/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_CtrlAltDel
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_CtrlAltDel policies
+## ADMX_CtrlAltDel policies
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_CtrlAltDel/DisableChangePassword**
+**ADMX_CtrlAltDel/DisableChangePassword**
@@ -81,7 +81,7 @@ However, users will still be able to change their password when prompted by the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Change Password*
- GP name: *DisableChangePassword*
- GP path: *System/Ctrl+Alt+Del Options*
@@ -93,7 +93,7 @@ ADMX Info:
-**ADMX_CtrlAltDel/DisableLockComputer**
+**ADMX_CtrlAltDel/DisableLockComputer**
@@ -133,7 +133,7 @@ If you disable or don't configure this policy setting, users will be able to loc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Lock Computer*
- GP name: *DisableLockWorkstation*
- GP path: *System/Ctrl+Alt+Del Options*
@@ -144,7 +144,7 @@ ADMX Info:
-**ADMX_CtrlAltDel/DisableTaskMgr**
+**ADMX_CtrlAltDel/DisableTaskMgr**
|Edition|Windows 10|Windows 11|
@@ -180,7 +180,7 @@ If you disable or don't configure this policy setting, users can access Task Man
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Task Manager*
- GP name: *DisableTaskMgr*
- GP path: *System/Ctrl+Alt+Del Options*
@@ -191,7 +191,7 @@ ADMX Info:
-**ADMX_CtrlAltDel/NoLogoff**
+**ADMX_CtrlAltDel/NoLogoff**
@@ -228,7 +228,7 @@ If you disable or don't configure this policy setting, users can see and select
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Logoff*
- GP name: *NoLogoff*
- GP path: *System/Ctrl+Alt+Del Options*
diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md
index 18b990f41a..657cdef18f 100644
--- a/windows/client-management/mdm/policy-csp-admx-datacollection.md
+++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_DataCollection.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_DataCollection policies
+## ADMX_DataCollection policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_DataCollection/CommercialIdPolicy**
+**ADMX_DataCollection/CommercialIdPolicy**
@@ -72,7 +72,7 @@ If you disable or don't configure this policy setting, then Microsoft won't be a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the Commercial ID*
- GP name: *CommercialIdPolicy*
- GP path: *Windows Components\Data Collection and Preview Builds*
diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md
index f826ec41b1..16739693a2 100644
--- a/windows/client-management/mdm/policy-csp-admx-dcom.md
+++ b/windows/client-management/mdm/policy-csp-admx-dcom.md
@@ -4,8 +4,8 @@ description: Learn about the Policy CSP - ADMX_DCOM.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/08/2021
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_DCOM
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DCOM policies
+## ADMX_DCOM policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList**
+**ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList**
@@ -66,10 +66,10 @@ manager: aaroncz
This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.
-
+
If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
-If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.
+If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.
If you don't configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy isn't configured.
@@ -79,7 +79,7 @@ If you don't configure this policy setting, DCOM will only look in the locally c
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow local activation security check exemptions*
- GP name: *DCOMActivationSecurityCheckAllowLocalList*
- GP path: *Windows Components\AppCompat!AllowLocalActivationSecurityCheckExemptionList*
@@ -90,7 +90,7 @@ ADMX Info:
-**ADMX_DCOM/DCOMActivationSecurityCheckExemptionList**
+**ADMX_DCOM/DCOMActivationSecurityCheckExemptionList**
@@ -116,42 +116,42 @@ ADMX Info:
-This policy setting allows you to view and change a list of DCOM server application IDs (app IDs), which are exempted from the DCOM Activation security check.
-DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators.
-DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled.
+This policy setting allows you to view and change a list of DCOM server application IDs (app IDs), which are exempted from the DCOM Activation security check.
+DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators.
+DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled.
DCOM server application IDs added to this policy must be listed in curly brace format.
For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`.
-If you enter a non-existent or improperly formatted application, ID DCOM will add it to the list without checking for errors.
+If you enter a non-existent or improperly formatted application, ID DCOM will add it to the list without checking for errors.
-If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server.
-If you add an application ID to this list and set its value to 0, DCOM will always enforce the Activation security check for that DCOM server regardless of local
+If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server.
+If you add an application ID to this list and set its value to 0, DCOM will always enforce the Activation security check for that DCOM server regardless of local
settings.
-If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
-
+If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
+
If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
-If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used.
+If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used.
->[!Note]
+>[!Note]
> The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
-
-This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries, then the object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.
-The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid.
-DCOM servers added to this exemption list are only exempted if their custom launch permissions don't contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups.
+This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries, then the object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.
+
+The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid.
+DCOM servers added to this exemption list are only exempted if their custom launch permissions don't contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups.
> [!NOTE]
> Exemptions for DCOM Server Application IDs added to this list will apply to both 32-bit and 64-bit versions of the server if present.
->
+>
> [!NOTE]
> This policy setting applies to all sites in Trusted zones.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow local activation security check exemptions*
- GP name: *DCOMActivationSecurityCheckExemptionList*
- GP path: *Windows Components\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList*
diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md
index c18835be26..7948964398 100644
--- a/windows/client-management/mdm/policy-csp-admx-desktop.md
+++ b/windows/client-management/mdm/policy-csp-admx-desktop.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Desktop.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/02/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_Desktop
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Desktop policies
+## ADMX_Desktop policies
@@ -120,7 +120,7 @@ manager: aaroncz
-**ADMX_Desktop/AD_EnableFilter**
+**ADMX_Desktop/AD_EnableFilter**
@@ -158,7 +158,7 @@ To see the filter bar, open Network Locations, click Entire Network, and then cl
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable filter in Find dialog box*
- GP name: *AD_EnableFilter*
- GP path: *Desktop\Active Directory*
@@ -169,7 +169,7 @@ ADMX Info:
-**ADMX_Desktop/AD_HideDirectoryFolder**
+**ADMX_Desktop/AD_HideDirectoryFolder**
@@ -209,7 +209,7 @@ This setting is designed to let users search Active Directory but not tempt them
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Active Directory folder*
- GP name: *AD_HideDirectoryFolder*
- GP path: *Desktop\Active Directory*
@@ -220,7 +220,7 @@ ADMX Info:
-**ADMX_Desktop/AD_QueryLimit**
+**ADMX_Desktop/AD_QueryLimit**
@@ -258,7 +258,7 @@ This setting is designed to protect the network and the domain controller from t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Maximum size of Active Directory searches*
- GP name: *AD_QueryLimit*
- GP path: *Desktop\Active Directory*
@@ -269,7 +269,7 @@ ADMX Info:
-**ADMX_Desktop/ForceActiveDesktopOn**
+**ADMX_Desktop/ForceActiveDesktopOn**
@@ -307,7 +307,7 @@ If you disable this setting or don't configure it, Active Desktop is disabled by
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Active Desktop*
- GP name: *ForceActiveDesktopOn*
- GP path: *Desktop\Desktop*
@@ -318,7 +318,7 @@ ADMX Info:
-**ADMX_Desktop/NoActiveDesktop**
+**ADMX_Desktop/NoActiveDesktop**
@@ -357,7 +357,7 @@ If you disable this setting or don't configure it, Active Desktop is disabled by
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable Active Desktop*
- GP name: *NoActiveDesktop*
- GP path: *Desktop\Desktop*
@@ -368,7 +368,7 @@ ADMX Info:
-**ADMX_Desktop/NoActiveDesktopChanges**
+**ADMX_Desktop/NoActiveDesktopChanges**
@@ -401,7 +401,7 @@ This setting is a comprehensive one that locks down the configuration you establ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit changes*
- GP name: *NoActiveDesktopChanges*
- GP path: *Desktop\Desktop*
@@ -412,7 +412,7 @@ ADMX Info:
-**ADMX_Desktop/NoDesktop**
+**ADMX_Desktop/NoDesktop**
@@ -448,7 +448,7 @@ Also, see "Items displayed in Places Bar" in User Configuration\Administrative T
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide and disable all items on the desktop*
- GP name: *NoDesktop*
- GP path: *Desktop*
@@ -459,7 +459,7 @@ ADMX Info:
-**ADMX_Desktop/NoDesktopCleanupWizard**
+**ADMX_Desktop/NoDesktopCleanupWizard**
@@ -498,7 +498,7 @@ If you disable this setting or don't configure it, the default behavior of the D
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the Desktop Cleanup Wizard*
- GP name: *NoDesktopCleanupWizard*
- GP path: *Desktop*
@@ -509,7 +509,7 @@ ADMX Info:
-**ADMX_Desktop/NoInternetIcon**
+**ADMX_Desktop/NoInternetIcon**
@@ -543,7 +543,7 @@ This setting doesn't prevent the user from starting Internet Explorer by using o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Internet Explorer icon on desktop*
- GP name: *NoInternetIcon*
- GP path: *Desktop*
@@ -554,7 +554,7 @@ ADMX Info:
-**ADMX_Desktop/NoMyComputerIcon**
+**ADMX_Desktop/NoMyComputerIcon**
@@ -595,7 +595,7 @@ If you don't configure this setting, the default is to display Computer as usual
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Computer icon on the desktop*
- GP name: *NoMyComputerIcon*
- GP path: *Desktop*
@@ -606,7 +606,7 @@ ADMX Info:
-**ADMX_Desktop/NoMyDocumentsIcon**
+**ADMX_Desktop/NoMyDocumentsIcon**
@@ -646,7 +646,7 @@ This setting doesn't remove the My Documents icon from the Start menu. To do so,
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove My Documents icon on the desktop*
- GP name: *NoMyDocumentsIcon*
- GP path: *Desktop*
@@ -657,7 +657,7 @@ ADMX Info:
-**ADMX_Desktop/NoNetHood**
+**ADMX_Desktop/NoNetHood**
@@ -694,7 +694,7 @@ This setting only affects the desktop icon. It doesn't prevent users from connec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Network Locations icon on desktop*
- GP name: *NoNetHood*
- GP path: *Desktop*
@@ -705,7 +705,7 @@ ADMX Info:
-**ADMX_Desktop/NoPropertiesMyComputer**
+**ADMX_Desktop/NoPropertiesMyComputer**
@@ -741,7 +741,7 @@ If you disable or don't configure this setting, the Properties option is display
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Properties from the Computer icon context menu*
- GP name: *NoPropertiesMyComputer*
- GP path: *Desktop*
@@ -752,7 +752,7 @@ ADMX Info:
-**ADMX_Desktop/NoPropertiesMyDocuments**
+**ADMX_Desktop/NoPropertiesMyDocuments**
@@ -791,7 +791,7 @@ If you disable or don't configure this policy setting, the Properties menu comma
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Properties from the Documents icon context menu*
- GP name: *NoPropertiesMyDocuments*
- GP path: *Desktop*
@@ -802,7 +802,7 @@ ADMX Info:
-**ADMX_Desktop/NoRecentDocsNetHood**
+**ADMX_Desktop/NoRecentDocsNetHood**
@@ -838,7 +838,7 @@ If you enable this setting, shared folders aren't added to Network Locations aut
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not add shares of recently opened documents to Network Locations*
- GP name: *NoRecentDocsNetHood*
- GP path: *Desktop*
@@ -849,7 +849,7 @@ ADMX Info:
-**ADMX_Desktop/NoRecycleBinIcon**
+**ADMX_Desktop/NoRecycleBinIcon**
@@ -887,7 +887,7 @@ This setting doesn't prevent the user from using other methods to gain access to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Recycle Bin icon from desktop*
- GP name: *NoRecycleBinIcon*
- GP path: *Desktop*
@@ -898,7 +898,7 @@ ADMX Info:
-**ADMX_Desktop/NoRecycleBinProperties**
+**ADMX_Desktop/NoRecycleBinProperties**
@@ -934,7 +934,7 @@ If you disable or don't configure this setting, the Properties option is display
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Properties from the Recycle Bin context menu*
- GP name: *NoRecycleBinProperties*
- GP path: *Desktop*
@@ -945,7 +945,7 @@ ADMX Info:
-**ADMX_Desktop/NoSaveSettings**
+**ADMX_Desktop/NoSaveSettings**
@@ -979,7 +979,7 @@ If you enable this setting, users can change the desktop, but some changes, such
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Don't save settings at exit*
- GP name: *NoSaveSettings*
- GP path: *Desktop*
@@ -990,7 +990,7 @@ ADMX Info:
-**ADMX_Desktop/NoWindowMinimizingShortcuts**
+**ADMX_Desktop/NoWindowMinimizingShortcuts**
@@ -1025,7 +1025,7 @@ If you disable or don't configure this policy, this window minimizing and restor
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Aero Shake window minimizing mouse gesture*
- GP name: *NoWindowMinimizingShortcuts*
- GP path: *Desktop*
@@ -1036,7 +1036,7 @@ ADMX Info:
-**ADMX_Desktop/Wallpaper**
+**ADMX_Desktop/Wallpaper**
@@ -1078,7 +1078,7 @@ Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Pr
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Desktop Wallpaper*
- GP name: *Wallpaper*
- GP path: *Desktop\Desktop*
@@ -1089,7 +1089,7 @@ ADMX Info:
-**ADMX_Desktop/sz_ATC_DisableAdd**
+**ADMX_Desktop/sz_ATC_DisableAdd**
@@ -1124,7 +1124,7 @@ Also, see the "Disable all items" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit adding items*
- GP name: *sz_ATC_DisableAdd*
- GP path: *Desktop\Desktop*
@@ -1135,7 +1135,7 @@ ADMX Info:
-**ADMX_Desktop/sz_ATC_DisableClose**
+**ADMX_Desktop/sz_ATC_DisableClose**
@@ -1174,7 +1174,7 @@ If you enable this setting, items added to the desktop can't be closed; they alw
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit closing items*
- GP name: *sz_ATC_DisableClose*
- GP path: *Desktop\Desktop*
@@ -1185,7 +1185,7 @@ ADMX Info:
-**ADMX_Desktop/sz_ATC_DisableDel**
+**ADMX_Desktop/sz_ATC_DisableDel**
@@ -1223,7 +1223,7 @@ Also, see the "Prohibit closing items" and "Disable all items" settings.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit deleting items*
- GP name: *sz_ATC_DisableDel*
- GP path: *Desktop\Desktop*
@@ -1234,7 +1234,7 @@ ADMX Info:
-**ADMX_Desktop/sz_ATC_DisableEdit**
+**ADMX_Desktop/sz_ATC_DisableEdit**
@@ -1268,7 +1268,7 @@ This setting disables the Properties button on the Web tab in Display in Control
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit editing items*
- GP name: *sz_ATC_DisableEdit*
- GP path: *Desktop\Desktop*
@@ -1279,7 +1279,7 @@ ADMX Info:
-**ADMX_Desktop/sz_ATC_NoComponents**
+**ADMX_Desktop/sz_ATC_NoComponents**
@@ -1305,7 +1305,7 @@ ADMX Info:
-Removes Active Desktop content and prevents users from adding Active Desktop content.
+Removes Active Desktop content and prevents users from adding Active Desktop content.
This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users can't add Web pages or pictures from the Internet or an intranet to the desktop.
@@ -1316,7 +1316,7 @@ This setting removes all Active Desktop items from the desktop. It also removes
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable all items*
- GP name: *sz_ATC_NoComponents*
- GP path: *Desktop\Desktop*
@@ -1327,7 +1327,7 @@ ADMX Info:
-**ADMX_Desktop/sz_AdminComponents_Title**
+**ADMX_Desktop/sz_AdminComponents_Title**
@@ -1369,7 +1369,7 @@ You can also use this setting to delete particular Web-based items from users' d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add/Delete items*
- GP name: *sz_AdminComponents_Title*
- GP path: *Desktop\Desktop*
@@ -1380,7 +1380,7 @@ ADMX Info:
-**ADMX_Desktop/sz_DB_DragDropClose**
+**ADMX_Desktop/sz_DB_DragDropClose**
@@ -1422,7 +1422,7 @@ Also, see the "Prohibit adjusting desktop toolbars" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent adding, dragging, dropping and closing the Taskbar's toolbars*
- GP name: *sz_DB_DragDropClose*
- GP path: *Desktop*
@@ -1433,7 +1433,7 @@ ADMX Info:
-**ADMX_Desktop/sz_DB_Moving**
+**ADMX_Desktop/sz_DB_Moving**
@@ -1472,7 +1472,7 @@ Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's tool
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit adjusting desktop toolbars*
- GP name: *sz_DB_Moving*
- GP path: *Desktop*
@@ -1483,7 +1483,7 @@ ADMX Info:
-**ADMX_Desktop/sz_DWP_NoHTMLPaper**
+**ADMX_Desktop/sz_DWP_NoHTMLPaper**
@@ -1517,7 +1517,7 @@ Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow only bitmapped wallpaper*
- GP name: *sz_DWP_NoHTMLPaper*
- GP path: *Desktop\Desktop*
diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
index b2ca71c22d..4391477405 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_DeviceCompat.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/09/2021
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_DeviceCompat
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DeviceCompat policies
+## ADMX_DeviceCompat policies
@@ -38,7 +38,7 @@ manager: aaroncz
-**ADMX_DeviceCompat/DeviceFlags**
+**ADMX_DeviceCompat/DeviceFlags**
@@ -69,7 +69,7 @@ Changes behavior of Microsoft bus drivers to work with specific devices.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Device compatibility settings*
- GP name: *DeviceFlags*
- GP path: *Windows Components\Device and Driver Compatibility*
@@ -80,7 +80,7 @@ ADMX Info:
-**ADMX_DeviceCompat/DriverShims**
+**ADMX_DeviceCompat/DriverShims**
@@ -111,7 +111,7 @@ Changes behavior of third-party drivers to work around incompatibilities introdu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Driver compatibility settings*
- GP name: *DriverShims*
- GP path: *Windows Components\Device and Driver Compatibility*
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
index d39a25209b..07d87543fe 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_DeviceGuard.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/08/2021
ms.reviewer:
@@ -18,16 +18,16 @@ manager: aaroncz
> Group Policy-based deployment of Windows Defender Application Control policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for [policy deployment](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DeviceGuard policies
+## ADMX_DeviceGuard policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_DeviceGuard/ConfigCIPolicy**
+**ADMX_DeviceGuard/ConfigCIPolicy**
@@ -65,24 +65,24 @@ manager: aaroncz
-This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine.
+This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine.
-If you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy.
+If you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy.
-To enable this policy, the machine must be rebooted.
+To enable this policy, the machine must be rebooted.
The file path must be either a UNC path (for example, `\\ServerName\ShareName\SIPolicy.p7b`),
-or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`.
+or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`.
-The local machine account (LOCAL SYSTEM) must have access permission to the policy file.
-If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
+The local machine account (LOCAL SYSTEM) must have access permission to the policy file.
+If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
-- First update the policy to a non-protected policy and then disable the setting. (or)
+- First update the policy to a non-protected policy and then disable the setting. (or)
- Disable the setting and then remove the policy from each computer, with a physically present user.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Deploy Windows Defender Application Control*
- GP name: *ConfigCIPolicy*
- GP path: *Windows Components/DeviceGuard!DeployConfigCIPolicy*
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
index 1da8e03482..4ec0b160fd 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_DeviceInstallation.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/19/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_DeviceInstallation
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DeviceInstallation policies
+## ADMX_DeviceInstallation policies
@@ -57,7 +57,7 @@ manager: aaroncz
-**ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall**
+**ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall**
@@ -93,7 +93,7 @@ If you disable or don't configure this policy setting, members of the Administra
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow administrators to override Device Installation Restriction policies*
- GP name: *DeviceInstall_AllowAdminInstall*
- GP path: *System\Device Installation\Device Installation Restrictions*
@@ -104,7 +104,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText**
+**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText**
@@ -140,7 +140,7 @@ If you disable or don't configure this policy setting, Windows displays a defaul
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display a custom message when installation is prevented by a policy setting*
- GP name: *DeviceInstall_DeniedPolicy_DetailText*
- GP path: *System\Device Installation\Device Installation Restrictions*
@@ -151,7 +151,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText**
+**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText**
@@ -187,7 +187,7 @@ If you disable or don't configure this policy setting, Windows displays a defaul
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display a custom message title when device installation is prevented by a policy setting*
- GP name: *DeviceInstall_DeniedPolicy_SimpleText*
- GP path: *System\Device Installation\Device Installation Restrictions*
@@ -198,7 +198,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DeviceInstall_InstallTimeout**
+**ADMX_DeviceInstallation/DeviceInstall_InstallTimeout**
@@ -224,7 +224,7 @@ ADMX Info:
-This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete.
+This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete.
If you enable this policy setting, Windows waits for the number of seconds you specify before terminating the installation.
@@ -234,7 +234,7 @@ If you disable or don't configure this policy setting, Windows waits 240 seconds
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure device installation time-out*
- GP name: *DeviceInstall_InstallTimeout*
- GP path: *System\Device Installation*
@@ -245,7 +245,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime**
+**ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime**
@@ -284,7 +284,7 @@ If you disable or don't configure this policy setting, the system doesn't force
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Time (in seconds) to force reboot when required for policy changes to take effect*
- GP name: *DeviceInstall_Policy_RebootTime*
- GP path: *System\Device Installation\Device Installation Restrictions*
@@ -295,7 +295,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DeviceInstall_Removable_Deny**
+**ADMX_DeviceInstallation/DeviceInstall_Removable_Deny**
@@ -330,7 +330,7 @@ If you disable or don't configure this policy setting, Windows can install and u
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent installation of removable devices*
- GP name: *DeviceInstall_Removable_Deny*
- GP path: *System\Device Installation\Device Installation Restrictions*
@@ -341,7 +341,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DeviceInstall_SystemRestore**
+**ADMX_DeviceInstallation/DeviceInstall_SystemRestore**
@@ -367,7 +367,7 @@ ADMX Info:
-This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity.
+This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity.
If you enable this policy setting, Windows doesn't create a system restore point when one would normally be created.
@@ -377,7 +377,7 @@ If you disable or don't configure this policy setting, Windows creates a system
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point*
- GP name: *DeviceInstall_SystemRestore*
- GP path: *System\Device Installation*
@@ -388,7 +388,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser**
+**ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser**
@@ -425,7 +425,7 @@ If you disable or don't configure this policy setting, only members of the Admin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow non-administrators to install drivers for these device setup classes*
- GP name: *DriverInstall_Classes_AllowUser*
- GP path: *System\Device Installation*
diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
index d4559a5746..f29a552897 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/19/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DeviceSetup
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DeviceSetup policies
+## ADMX_DeviceSetup policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_DeviceSetup/DeviceInstall_BalloonTips**
+**ADMX_DeviceSetup/DeviceInstall_BalloonTips**
@@ -75,7 +75,7 @@ If you disable or don't configure this policy setting, "Found New Hardware" ball
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off "Found New Hardware" balloons during device installation*
- GP name: *DeviceInstall_BalloonTips*
- GP path: *System\Device Installation*
@@ -86,7 +86,7 @@ ADMX Info:
-**ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration**
+**ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration**
@@ -117,7 +117,7 @@ This policy setting allows you to specify the order in which Windows searches so
If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all.
>[!Note]
-> Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates.
+> Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates.
This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching is enabled and only when needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system.
@@ -126,7 +126,7 @@ If you disable or don't configure this policy setting, members of the Administra
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify search order for device driver source locations*
- GP name: *DriverSearchPlaces_SearchOrderConfiguration*
- GP path: *System\Device Installation*
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
index 3a36dd326e..7a5e7d8921 100644
--- a/windows/client-management/mdm/policy-csp-admx-dfs.md
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/08/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DFS
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DFS policies
+## ADMX_DFS policies
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_DFS/DFSDiscoverDC**
+**ADMX_DFS/DFSDiscoverDC**
@@ -61,12 +61,12 @@ manager: aaroncz
-This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network.
-By default, a DFS client attempts to discover domain controllers every 15 minutes.
+This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network.
+By default, a DFS client attempts to discover domain controllers every 15 minutes.
-If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes.
+If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes.
-If you disable or don't configure this policy setting, the default value of 15 minutes applies.
+If you disable or don't configure this policy setting, the default value of 15 minutes applies.
> [!NOTE]
> The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.
@@ -74,7 +74,7 @@ If you disable or don't configure this policy setting, the default value of 15 m
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure how often a DFS client discovers domain controllers*
- GP name: *DFSDiscoverDC*
- GP path: *Windows Components\ActiveX Installer Service*
diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
index 4cb25e95d8..d8489566b1 100644
--- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md
+++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/31/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DigitalLocker
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DigitalLocker policies
+## ADMX_DigitalLocker policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1**
+**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1**
@@ -76,7 +76,7 @@ If you disable or don't configure this setting, Digital Locker can be run.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Digital Locker to run*
- GP name: *Digitalx_DiableApplication_TitleText_1*
- GP path: *Windows Components/Digital Locker*
@@ -87,7 +87,7 @@ ADMX Info:
-**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2**
+**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2**
@@ -125,7 +125,7 @@ If you disable or don't configure this setting, Digital Locker can be run.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Digital Locker to run*
- GP name: *Digitalx_DiableApplication_TitleText_2*
- GP path: *Windows Components/Digital Locker*
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
index 9262266a8d..f2f068f538 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/08/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DiskDiagnostic
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DiskDiagnostic policies
+## ADMX_DiskDiagnostic policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_DiskDiagnostic/DfdAlertPolicy**
+**ADMX_DiskDiagnostic/DfdAlertPolicy**
@@ -69,11 +69,11 @@ This policy setting substitutes custom alert text in the disk diagnostic message
If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
-If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
+If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
-No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
+No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
-This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> [!NOTE]
@@ -82,7 +82,7 @@ The DPS can be configured with the Services snap-in to the Microsoft Management
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure custom alert text*
- GP name: *DfdAlertPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
@@ -94,7 +94,7 @@ ADMX Info:
-**ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy**
+**ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy**
@@ -120,27 +120,27 @@ ADMX Info:
-This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics.
+This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics.
Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur.
-
-If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.
-If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
+If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.
-If you don't configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
+
+If you don't configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
-This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> [!NOTE]
> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
-
+
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure execution level*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
index 92b5a4725e..d74c45064e 100644
--- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md
+++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/12/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -18,12 +18,12 @@ manager: aaroncz
-## ADMX_DiskNVCache policies
+## ADMX_DiskNVCache policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,14 +36,14 @@ manager: aaroncz
-**ADMX_DiskNVCache/BootResumePolicy**
+**ADMX_DiskNVCache/BootResumePolicy**
|Edition|Windows 10|Windows 11|
@@ -68,20 +68,20 @@ manager: aaroncz
-This policy setting turns off the boot and resumes optimizations for the hybrid hard disks in the system.
+This policy setting turns off the boot and resumes optimizations for the hybrid hard disks in the system.
-If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume.
+If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume.
-The system determines the data that will be stored in the NV cache to optimize boot and resume.
+The system determines the data that will be stored in the NV cache to optimize boot and resume.
-The required data is stored in the NV cache during shutdown and hibernate, respectively. This storage in such a location might cause a slight increase in the time taken for shutdown and hibernate. If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations.
+The required data is stored in the NV cache during shutdown and hibernate, respectively. This storage in such a location might cause a slight increase in the time taken for shutdown and hibernate. If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations.
This policy setting is applicable only if the NV cache feature is on.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off boot and resume optimizations*
- GP name: *BootResumePolicy*
- GP path: *System\Disk NV Cache*
@@ -91,7 +91,7 @@ ADMX Info:
-**ADMX_DiskNVCache/FeatureOffPolicy**
+**ADMX_DiskNVCache/FeatureOffPolicy**
|Edition|Windows 10|Windows 11|
@@ -116,20 +116,20 @@ ADMX Info:
-This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system.
+This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system.
-To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache.
+To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache.
-If you enable this policy setting, the system won't manage the NV cache and won't enable NV cache power saving mode.
+If you enable this policy setting, the system won't manage the NV cache and won't enable NV cache power saving mode.
-If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured.
+If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured.
This policy setting will take effect on next boot. If you don't configure this policy setting, the default behavior is to turn on support for the NV cache.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off non-volatile cache feature*
- GP name: *FeatureOffPolicy*
- GP path: *System\Disk NV Cache*
@@ -141,7 +141,7 @@ ADMX Info:
-**ADMX_DiskNVCache/SolidStatePolicy**
+**ADMX_DiskNVCache/SolidStatePolicy**
|Edition|Windows 10|Windows 11|
@@ -166,13 +166,13 @@ ADMX Info:
-This policy setting turns off the solid state mode for the hybrid hard disks.
+This policy setting turns off the solid state mode for the hybrid hard disks.
-If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache.
+If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache.
If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This storage allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power.
-This can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.
+This can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.
>[!Note]
> This policy setting is applicable only if the NV cache feature is on.
@@ -181,7 +181,7 @@ This can cause increased wear of the NV cache. If you don't configure this poli
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off solid state mode*
- GP name: *SolidStatePolicy*
- GP path: *System\Disk NV Cache*
diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md
index bc75db6e4a..eca5056fc8 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskquota.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/12/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -18,14 +18,14 @@ manager: aaroncz
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DiskQuota policies
+## ADMX_DiskQuota policies
@@ -53,7 +53,7 @@ manager: aaroncz
-**ADMX_DiskQuota/DQ_RemovableMedia**
+**ADMX_DiskQuota/DQ_RemovableMedia**
|Edition|Windows 10|Windows 11|
@@ -78,16 +78,16 @@ manager: aaroncz
-This policy setting extends the disk quota policies in this folder to NTFS file system volumes on the removable media.
+This policy setting extends the disk quota policies in this folder to NTFS file system volumes on the removable media.
-If you disable or don't configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only.
+If you disable or don't configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only.
When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Apply policy to removable media*
- GP name: *DQ_RemovableMedia*
- GP path: *System\Disk Quotas*
@@ -99,7 +99,7 @@ ADMX Info:
-**ADMX_DiskQuota/DQ_Enable**
+**ADMX_DiskQuota/DQ_Enable**
|Edition|Windows 10|Windows 11|
@@ -124,24 +124,24 @@ ADMX Info:
-This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.
+This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.
If you enable this policy setting, disk quota management is turned on, and users can't turn it off.
-If you disable the policy setting, disk quota management is turned off, and users can't turn it on. When this policy setting isn't configured then the disk quota management is turned off by default, and the administrators can turn it on.
+If you disable the policy setting, disk quota management is turned off, and users can't turn it on. When this policy setting isn't configured then the disk quota management is turned off by default, and the administrators can turn it on.
To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes.
-This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit.
+This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit.
-To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
+To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management."
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable disk quotas*
- GP name: *DQ_Enable*
- GP path: *System\Disk Quotas*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_DiskQuota/DQ_Enforce**
+**ADMX_DiskQuota/DQ_Enforce**
|Edition|Windows 10|Windows 11|
@@ -179,22 +179,22 @@ ADMX Info:
-This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.
+This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.
-If you enable this policy setting, disk quota limits are enforced.
+If you enable this policy setting, disk quota limits are enforced.
-If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators can't make changes while the setting is in effect.
+If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators can't make changes while the setting is in effect.
-If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available.
+If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available.
-This policy setting overrides user settings that enable or disable quota enforcement on their volumes.
+This policy setting overrides user settings that enable or disable quota enforcement on their volumes.
To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enforce disk quota limit*
- GP name: *DQ_Enforce*
- GP path: *System\Disk Quotas*
@@ -207,7 +207,7 @@ ADMX Info:
-**ADMX_DiskQuota/DQ_LogEventOverLimit**
+**ADMX_DiskQuota/DQ_LogEventOverLimit**
|Edition|Windows 10|Windows 11|
@@ -232,13 +232,13 @@ ADMX Info:
-This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.
+This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.
-If you enable this policy setting, the system records an event when the user reaches their limit.
+If you enable this policy setting, the system records an event when the user reaches their limit.
-If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting.
+If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting.
-This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their limit, because their status in the Quota Entries window changes.
+This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their limit, because their status in the Quota Entries window changes.
To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
@@ -246,7 +246,7 @@ To find the logging option, in My Computer, right-click the name of an NTFS file
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Log event when quota limit is exceeded*
- GP name: *DQ_LogEventOverLimit*
- GP path: *System\Disk Quotas*
@@ -258,7 +258,7 @@ ADMX Info:
-**ADMX_DiskQuota/DQ_LogEventOverThreshold**
+**ADMX_DiskQuota/DQ_LogEventOverThreshold**
|Edition|Windows 10|Windows 11|
@@ -283,20 +283,20 @@ ADMX Info:
-This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.
+This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.
If you enable this policy setting, the system records an event.
-If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect.
+If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect.
-If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their warning level because their status in the Quota Entries window changes.
+If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their warning level because their status in the Quota Entries window changes.
To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Log event when quota warning level is exceeded*
- GP name: *DQ_LogEventOverThreshold*
- GP path: *System\Disk Quotas*
@@ -309,7 +309,7 @@ ADMX Info:
-**ADMX_DiskQuota/DQ_Limit**
+**ADMX_DiskQuota/DQ_Limit**
|Edition|Windows 10|Windows 11|
@@ -334,20 +334,20 @@ ADMX Info:
-This policy setting specifies the default disk quota limit and warning level for new users of the volume.
-This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit.
+This policy setting specifies the default disk quota limit and warning level for new users of the volume.
+This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit.
-This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab.
-This policy setting applies to all new users as soon as they write to the volume. It doesn't affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).
+This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab.
+This policy setting applies to all new users as soon as they write to the volume. It doesn't affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).
-If you disable or don't configure this policy setting, the disk space available to users isn't limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it's reasonable for the range of volumes in the group.
+If you disable or don't configure this policy setting, the disk space available to users isn't limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it's reasonable for the range of volumes in the group.
This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas aren't enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify default quota limit and warning level*
- GP name: *DQ_Limit*
- GP path: *System\Disk Quotas*
diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
index 7efbc6544a..d4544fc733 100644
--- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
+++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 03/22/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DistributedLinkTracking
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DistributedLinkTracking policies
+## ADMX_DistributedLinkTracking policies
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_DistributedLinkTracking/DLT_AllowDomainMode**
+**ADMX_DistributedLinkTracking/DLT_AllowDomainMode**
@@ -62,11 +62,11 @@ manager: aaroncz
-This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers.
+This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers.
The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer.
-The DLT client can more reliably track links when allowed to use the DLT server.
+The DLT client can more reliably track links when allowed to use the DLT server.
This policy shouldn't be set unless the DLT server is running on all domain controllers in the domain.
> [!NOTE]
@@ -75,7 +75,7 @@ This policy shouldn't be set unless the DLT server is running on all domain cont
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow Distributed Link Tracking clients to use domain resources*
- GP name: *DLT_AllowDomainMode*
- GP path: *Windows\System!DLT_AllowDomainMode*
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
index 8af9f82bc0..4472593a26 100644
--- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/12/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DnsClient
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DnsClient policies
+## ADMX_DnsClient policies
@@ -99,7 +99,7 @@ manager: aaroncz
-**ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries**
+**ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries**
|Edition|Windows 10|Windows 11|
@@ -134,7 +134,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow NetBT queries for fully qualified domain names*
- GP name: *DNS_AllowFQDNNetBiosQueries*
- GP path: *Network/DNS Client*
@@ -145,7 +145,7 @@ ADMX Info:
-**ADMX_DnsClient/DNS_AppendToMultiLabelName**
+**ADMX_DnsClient/DNS_AppendToMultiLabelName**
|Edition|Windows 10|Windows 11|
@@ -187,7 +187,7 @@ If you don't configure this policy setting, computers will use their local DNS c
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow DNS suffix appending to unqualified multi-label name queries*
- GP name: *DNS_AppendToMultiLabelName*
- GP path: *Network/DNS Client*
@@ -199,7 +199,7 @@ ADMX Info:
-**ADMX_DnsClient/DNS_Domain**
+**ADMX_DnsClient/DNS_Domain**
|Edition|Windows 10|Windows 11|
@@ -226,7 +226,7 @@ ADMX Info:
This policy setting specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP. To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix.
-If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting.
+If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting.
If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured.
@@ -234,7 +234,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Connection-specific DNS suffix*
- GP name: *DNS_Domain*
- GP path: *Network/DNS Client*
@@ -246,7 +246,7 @@ ADMX Info:
-**ADMX_DnsClient/DNS_DomainNameDevolutionLevel**
+**ADMX_DnsClient/DNS_DomainNameDevolutionLevel**
|Edition|Windows 10|Windows 11|
@@ -279,7 +279,7 @@ The DNS client appends DNS suffixes to the single-label, unqualified domain name
Devolution isn't enabled if a global suffix search list is configured using Group Policy.
-If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:
+If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:
- The primary DNS suffix, as specified on the Computer Name tab of the System control panel.
- Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection.
@@ -298,7 +298,7 @@ If you disable this policy setting or don't configure it, DNS clients use the de
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Primary DNS suffix devolution level*
- GP name: *DNS_DomainNameDevolutionLevel*
- GP path: *Network/DNS Client*
@@ -346,7 +346,7 @@ If this policy setting is disabled, or if this policy setting isn't configured,
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off IDN encoding*
- GP name: *DNS_IdnEncoding*
- GP path: *Network/DNS Client*
@@ -393,7 +393,7 @@ If this policy setting is disabled, or if this policy setting isn't configured,
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IDN mapping*
- GP name: *DNS_IdnMapping*
- GP path: *Network/DNS Client*
@@ -434,7 +434,7 @@ This policy setting defines the DNS servers to which a computer sends queries wh
To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address.
-If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting.
+If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting.
If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured.
@@ -442,7 +442,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *DNS servers*
- GP name: *DNS_NameServer*
- GP path: *Network/DNS Client*
@@ -491,7 +491,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prefer link local responses over DNS when received over a network with higher precedence*
- GP name: *DNS_PreferLocalResponsesOverLowerOrderDns*
- GP path: *Network/DNS Client*
@@ -545,7 +545,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Primary DNS suffix*
- GP name: *DNS_PrimaryDnsSuffix*
- GP path: *Network/DNS Client*
@@ -598,7 +598,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Register DNS records with connection-specific DNS suffix*
- GP name: *DNS_RegisterAdapterName*
- GP path: *Network/DNS Client*
@@ -652,7 +652,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Register PTR records*
- GP name: *DNS_RegisterReverseLookup*
- GP path: *Network/DNS Client*
@@ -699,7 +699,7 @@ If you disable this policy setting, computers may not use dynamic DNS registrati
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Dynamic update*
- GP name: *DNS_RegistrationEnabled*
- GP path: *Network/DNS Client*
@@ -750,7 +750,7 @@ If you disable this policy setting, existing (A) resource records that contain c
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Replace addresses in conflicts*
- GP name: *DNS_RegistrationOverwritesInConflict*
- GP path: *Network/DNS Client*
@@ -804,7 +804,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Registration refresh interval*
- GP name: *DNS_RegistrationRefreshInterval*
- GP path: *Network/DNS Client*
@@ -853,7 +853,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *TTL value for A and PTR records*
- GP name: *DNS_RegistrationTtl*
- GP path: *Network/DNS Client*
@@ -906,7 +906,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *DNS suffix search list*
- GP name: *DNS_SearchList*
- GP path: *Network/DNS Client*
@@ -954,7 +954,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off smart multi-homed name resolution*
- GP name: *DNS_SmartMultiHomedNameResolution*
- GP path: *Network/DNS Client*
@@ -993,9 +993,9 @@ ADMX Info:
This policy setting specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
-If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks.
+If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks.
-If you disable this policy setting, or if you don't configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks.
+If you disable this policy setting, or if you don't configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks.
> [!NOTE]
> This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
@@ -1003,7 +1003,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off smart protocol reordering*
- GP name: *DNS_SmartProtocolReorder*
- GP path: *Network/DNS Client*
@@ -1056,7 +1056,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Update security level*
- GP name: *DNS_UpdateSecurityLevel*
- GP path: *Network/DNS Client*
@@ -1105,7 +1105,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Update top level domain zones*
- GP name: *DNS_UpdateTopLevelDomainZones*
- GP path: *Network/DNS Client*
@@ -1170,7 +1170,7 @@ If you disable this policy setting, DNS clients don't attempt to resolve names t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Primary DNS suffix devolution*
- GP name: *DNS_UseDomainNameDevolution*
- GP path: *Network/DNS Client*
@@ -1219,7 +1219,7 @@ If you disable this policy setting, or you don't configure this policy setting,
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off multicast name resolution*
- GP name: *Turn_Off_Multicast*
- GP path: *Network/DNS Client*
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md
index 920a8c9d98..8c02ae060e 100644
--- a/windows/client-management/mdm/policy-csp-admx-dwm.md
+++ b/windows/client-management/mdm/policy-csp-admx-dwm.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/31/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DWM
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DWM policies
+## ADMX_DWM policies
@@ -51,7 +51,7 @@ manager: aaroncz
-**ADMX_DWM/DwmDefaultColorizationColor_1**
+**ADMX_DWM/DwmDefaultColorizationColor_1**
@@ -77,11 +77,11 @@ manager: aaroncz
-This policy setting controls the default color for window frames when the user doesn't specify a color.
+This policy setting controls the default color for window frames when the user doesn't specify a color.
-If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color.
+If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color.
-If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color.
+If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color.
> [!NOTE]
> This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users.
@@ -89,7 +89,7 @@ If you disable or don't configure this policy setting, the default internal colo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify a default color*
- GP name: *DwmDefaultColorizationColor_1*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
@@ -101,7 +101,7 @@ ADMX Info:
-**ADMX_DWM/DwmDefaultColorizationColor_2**
+**ADMX_DWM/DwmDefaultColorizationColor_2**
@@ -127,11 +127,11 @@ ADMX Info:
-This policy setting controls the default color for window frames when the user doesn't specify a color.
+This policy setting controls the default color for window frames when the user doesn't specify a color.
-If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color.
+If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color.
-If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color.
+If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color.
> [!NOTE]
> This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users.
@@ -140,7 +140,7 @@ If you disable or don't configure this policy setting, the default internal colo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify a default color*
- GP name: *DwmDefaultColorizationColor_2*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
@@ -151,7 +151,7 @@ ADMX Info:
-**ADMX_DWM/DwmDisallowAnimations_1**
+**ADMX_DWM/DwmDisallowAnimations_1**
@@ -177,11 +177,11 @@ ADMX Info:
-This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.
+This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.
-If you enable this policy setting, window animations are turned off.
+If you enable this policy setting, window animations are turned off.
-If you disable or don't configure this policy setting, window animations are turned on.
+If you disable or don't configure this policy setting, window animations are turned on.
Changing this policy setting requires a sign out for it to be applied.
@@ -189,7 +189,7 @@ Changing this policy setting requires a sign out for it to be applied.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow window animations*
- GP name: *DwmDisallowAnimations_1*
- GP path: *Windows Components/Desktop Window Manager*
@@ -200,7 +200,7 @@ ADMX Info:
-**ADMX_DWM/DwmDisallowAnimations_2**
+**ADMX_DWM/DwmDisallowAnimations_2**
@@ -226,11 +226,11 @@ ADMX Info:
-This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.
+This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.
-If you enable this policy setting, window animations are turned off.
+If you enable this policy setting, window animations are turned off.
-If you disable or don't configure this policy setting, window animations are turned on.
+If you disable or don't configure this policy setting, window animations are turned on.
Changing this policy setting requires out a sign for it to be applied.
@@ -238,7 +238,7 @@ Changing this policy setting requires out a sign for it to be applied.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow window animations*
- GP name: *DwmDisallowAnimations_2*
- GP path: *Windows Components/Desktop Window Manager*
@@ -249,7 +249,7 @@ ADMX Info:
-**ADMX_DWM/DwmDisallowColorizationColorChanges_1**
+**ADMX_DWM/DwmDisallowColorizationColorChanges_1**
@@ -275,11 +275,11 @@ ADMX Info:
-This policy setting controls the ability to change the color of window frames.
+This policy setting controls the ability to change the color of window frames.
-If you enable this policy setting, you prevent users from changing the default window frame color.
+If you enable this policy setting, you prevent users from changing the default window frame color.
-If you disable or don't configure this policy setting, you allow users to change the default window frame color.
+If you disable or don't configure this policy setting, you allow users to change the default window frame color.
> [!NOTE]
> This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users.
@@ -288,7 +288,7 @@ If you disable or don't configure this policy setting, you allow users to change
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow color changes*
- GP name: *DwmDisallowColorizationColorChanges_1*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
@@ -299,7 +299,7 @@ ADMX Info:
-**ADMX_DWM/DwmDisallowColorizationColorChanges_2**
+**ADMX_DWM/DwmDisallowColorizationColorChanges_2**
@@ -325,19 +325,19 @@ ADMX Info:
-This policy setting controls the ability to change the color of window frames.
+This policy setting controls the ability to change the color of window frames.
-If you enable this policy setting, you prevent users from changing the default window frame color.
+If you enable this policy setting, you prevent users from changing the default window frame color.
-If you disable or don't configure this policy setting, you allow users to change the default window frame color.
+If you disable or don't configure this policy setting, you allow users to change the default window frame color.
-> [!NOTE]
+> [!NOTE]
> This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow color changes*
- GP name: *DwmDisallowColorizationColorChanges_2*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md
index c08bae6677..3a7ebf1a7f 100644
--- a/windows/client-management/mdm/policy-csp-admx-eaime.md
+++ b/windows/client-management/mdm/policy-csp-admx-eaime.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/19/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_EAIME
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_EAIME policies
+## ADMX_EAIME policies
@@ -69,7 +69,7 @@ manager: aaroncz
-**ADMX_EAIME/L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList**
+**ADMX_EAIME/L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList**
@@ -110,7 +110,7 @@ This policy setting applies to Japanese Microsoft IME only.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not include Non-Publishing Standard Glyph in the candidate list*
- GP name: *L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList*
- GP path: *Windows Components\IME*
@@ -121,7 +121,7 @@ ADMX Info:
-**ADMX_EAIME/L_RestrictCharacterCodeRangeOfConversion**
+**ADMX_EAIME/L_RestrictCharacterCodeRangeOfConversion**
@@ -174,7 +174,7 @@ This policy setting applies to Japanese Microsoft IME only.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict character code range of conversion*
- GP name: *L_RestrictCharacterCodeRangeOfConversion*
- GP path: *Windows Components\IME*
@@ -185,7 +185,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOffCustomDictionary**
+**ADMX_EAIME/L_TurnOffCustomDictionary**
@@ -228,7 +228,7 @@ This policy setting is applied to Japanese Microsoft IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off custom dictionary*
- GP name: *L_TurnOffCustomDictionary*
- GP path: *Windows Components\IME*
@@ -239,7 +239,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOffHistorybasedPredictiveInput**
+**ADMX_EAIME/L_TurnOffHistorybasedPredictiveInput**
@@ -279,7 +279,7 @@ This policy setting applies to Japanese Microsoft IME only.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off history-based predictive input*
- GP name: *L_TurnOffHistorybasedPredictiveInput*
- GP path: *Windows Components\IME*
@@ -290,7 +290,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOffInternetSearchIntegration**
+**ADMX_EAIME/L_TurnOffInternetSearchIntegration**
@@ -333,7 +333,7 @@ This policy setting applies to Japanese Microsoft IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Internet search integration*
- GP name: *L_TurnOffInternetSearchIntegration*
- GP path: *Windows Components\IME*
@@ -344,7 +344,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOffOpenExtendedDictionary**
+**ADMX_EAIME/L_TurnOffOpenExtendedDictionary**
@@ -384,7 +384,7 @@ This policy setting is applied to Japanese Microsoft IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Open Extended Dictionary*
- GP name: *L_TurnOffOpenExtendedDictionary*
- GP path: *Windows Components\IME*
@@ -395,7 +395,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOffSavingAutoTuningDataToFile**
+**ADMX_EAIME/L_TurnOffSavingAutoTuningDataToFile**
@@ -433,7 +433,7 @@ This policy setting applies to Japanese Microsoft IME only.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off saving auto-tuning data to file*
- GP name: *L_TurnOffSavingAutoTuningDataToFile*
- GP path: *Windows Components\IME*
@@ -444,7 +444,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOnCloudCandidate**
+**ADMX_EAIME/L_TurnOnCloudCandidate**
@@ -484,7 +484,7 @@ This Policy setting applies to Microsoft CHS Pinyin IME and JPN IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on cloud candidate*
- GP name: *L_TurnOnCloudCandidate*
- GP path: *Windows Components\IME*
@@ -495,7 +495,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOnCloudCandidateCHS**
+**ADMX_EAIME/L_TurnOnCloudCandidateCHS**
@@ -535,7 +535,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on cloud candidate for CHS*
- GP name: *L_TurnOnCloudCandidateCHS*
- GP path: *Windows Components\IME*
@@ -546,7 +546,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOnLexiconUpdate**
+**ADMX_EAIME/L_TurnOnLexiconUpdate**
@@ -586,7 +586,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on lexicon update*
- GP name: *L_TurnOnLexiconUpdate*
- GP path: *Windows Components\IME*
@@ -597,7 +597,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOnLiveStickers**
+**ADMX_EAIME/L_TurnOnLiveStickers**
@@ -637,7 +637,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Live Sticker*
- GP name: *L_TurnOnLiveStickers*
- GP path: *Windows Components\IME*
@@ -648,7 +648,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport**
+**ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport**
@@ -686,7 +686,7 @@ This policy setting applies to Japanese Microsoft IME and Traditional Chinese IM
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on misconversion logging for misconversion report*
- GP name: *L_TurnOnMisconversionLoggingForMisconversionReport*
- GP path: *Windows Components\IME*
diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
index 21c1fdf20f..f3b2d488de 100644
--- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
+++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/02/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_EncryptFilesonMove
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_EncryptFilesonMove policies
+## ADMX_EncryptFilesonMove policies
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_EncryptFilesonMove/NoEncryptOnMove**
+**ADMX_EncryptFilesonMove/NoEncryptOnMove**
@@ -74,7 +74,7 @@ This setting applies only to files moved within a volume. When files are moved t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not automatically encrypt files moved to encrypted folders*
- GP name: *NoEncryptOnMove*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
index 01470abcbe..6fe53816f6 100644
--- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/23/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_EnhancedStorage
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_EnhancedStorage policies
+## ADMX_EnhancedStorage policies
@@ -51,7 +51,7 @@ manager: aaroncz
-**ADMX_EnhancedStorage/ApprovedEnStorDevices**
+**ADMX_EnhancedStorage/ApprovedEnStorDevices**
@@ -86,7 +86,7 @@ If you disable or don't configure this policy setting, all Enhanced Storage devi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure list of Enhanced Storage devices usable on your computer*
- GP name: *ApprovedEnStorDevices*
- GP path: *System\Enhanced Storage Access*
@@ -97,7 +97,7 @@ ADMX Info:
-**ADMX_EnhancedStorage/ApprovedSilos**
+**ADMX_EnhancedStorage/ApprovedSilos**
@@ -132,7 +132,7 @@ If you disable or don't configure this policy setting, all IEEE 1667 silos on En
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure list of IEEE 1667 silos usable on your computer*
- GP name: *ApprovedSilos*
- GP path: *System\Enhanced Storage Access*
@@ -143,7 +143,7 @@ ADMX Info:
-**ADMX_EnhancedStorage/DisablePasswordAuthentication**
+**ADMX_EnhancedStorage/DisablePasswordAuthentication**
@@ -178,7 +178,7 @@ If you disable or don't configure this policy setting, a password can be used to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow password authentication of Enhanced Storage devices*
- GP name: *DisablePasswordAuthentication*
- GP path: *System\Enhanced Storage Access*
@@ -189,7 +189,7 @@ ADMX Info:
-**ADMX_EnhancedStorage/DisallowLegacyDiskDevices**
+**ADMX_EnhancedStorage/DisallowLegacyDiskDevices**
@@ -224,7 +224,7 @@ If you disable or don't configure this policy setting, non-Enhanced Storage remo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow non-Enhanced Storage removable devices*
- GP name: *DisallowLegacyDiskDevices*
- GP path: *System\Enhanced Storage Access*
@@ -235,7 +235,7 @@ ADMX Info:
-**ADMX_EnhancedStorage/LockDeviceOnMachineLock**
+**ADMX_EnhancedStorage/LockDeviceOnMachineLock**
@@ -273,7 +273,7 @@ If you disable or don't configure this policy setting, the Enhanced Storage devi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Lock Enhanced Storage when the computer is locked*
- GP name: *LockDeviceOnMachineLock*
- GP path: *System\Enhanced Storage Access*
@@ -284,7 +284,7 @@ ADMX Info:
-**ADMX_EnhancedStorage/RootHubConnectedEnStorDevices**
+**ADMX_EnhancedStorage/RootHubConnectedEnStorDevices**
@@ -319,7 +319,7 @@ If you disable or don't configure this policy setting, USB Enhanced Storage devi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow only USB root hub connected Enhanced Storage devices*
- GP name: *RootHubConnectedEnStorDevices*
- GP path: *System\Enhanced Storage Access*
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
index 75e7132a34..4179f9e954 100644
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/23/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_ErrorReporting policies
+## ADMX_ErrorReporting policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -120,7 +120,7 @@ manager: aaroncz
-**ADMX_ErrorReporting/PCH_AllOrNoneDef**
+**ADMX_ErrorReporting/PCH_AllOrNoneDef**
@@ -161,7 +161,7 @@ For related information, see the Configure Error Reporting and Report Operating
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Default application reporting settings*
- GP name: *PCH_AllOrNoneDef*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -172,7 +172,7 @@ ADMX Info:
-**ADMX_ErrorReporting/PCH_AllOrNoneEx**
+**ADMX_ErrorReporting/PCH_AllOrNoneEx**
@@ -209,7 +209,7 @@ If you disable or don't configure this policy setting, the Default application r
-ADMX Info:
+ADMX Info:
- GP Friendly name: *List of applications to never report errors for*
- GP name: *PCH_AllOrNoneEx*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -220,7 +220,7 @@ ADMX Info:
-**ADMX_ErrorReporting/PCH_AllOrNoneInc**
+**ADMX_ErrorReporting/PCH_AllOrNoneInc**
@@ -267,7 +267,7 @@ This setting will be ignored if the 'Configure Error Reporting' setting is disab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *List of applications to always report errors for*
- GP name: *PCH_AllOrNoneInc*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -278,7 +278,7 @@ ADMX Info:
-**ADMX_ErrorReporting/PCH_ConfigureReport**
+**ADMX_ErrorReporting/PCH_ConfigureReport**
@@ -329,7 +329,7 @@ See related policy settings Display Error Notification (same folder as this poli
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Error Reporting*
- GP name: *PCH_ConfigureReport*
- GP path: *Windows Components\Windows Error Reporting*
@@ -340,7 +340,7 @@ ADMX Info:
-**ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults**
+**ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults**
@@ -379,7 +379,7 @@ See also the Configure Error Reporting policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Report operating system errors*
- GP name: *PCH_ReportOperatingSystemFaults*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -390,7 +390,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerArchive_1**
+**ADMX_ErrorReporting/WerArchive_1**
@@ -425,7 +425,7 @@ If you disable or don't configure this policy setting, no Windows Error Reportin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Report Archive*
- GP name: *WerArchive_1*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -436,7 +436,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerArchive_2**
+**ADMX_ErrorReporting/WerArchive_2**
@@ -471,7 +471,7 @@ If you disable or don't configure this policy setting, no Windows Error Reportin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Report Archive*
- GP name: *WerArchive_2*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -482,7 +482,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerAutoApproveOSDumps_1**
+**ADMX_ErrorReporting/WerAutoApproveOSDumps_1**
@@ -517,7 +517,7 @@ If you disable this policy setting, then all memory dumps are uploaded according
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Automatically send memory dumps for OS-generated error reports*
- GP name: *WerAutoApproveOSDumps_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -528,7 +528,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerAutoApproveOSDumps_2**
+**ADMX_ErrorReporting/WerAutoApproveOSDumps_2**
@@ -561,7 +561,7 @@ If you enable or don't configure this policy setting, any memory dumps generated
If you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Automatically send memory dumps for OS-generated error reports*
- GP name: *WerAutoApproveOSDumps_2*
- GP path: *Windows Components\Windows Error Reporting*
@@ -572,7 +572,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassDataThrottling_1**
+**ADMX_ErrorReporting/WerBypassDataThrottling_1**
@@ -607,7 +607,7 @@ If you disable or don't configure this policy setting, WER throttles data by def
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not throttle additional data*
- GP name: *WerBypassDataThrottling_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -618,7 +618,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassDataThrottling_2**
+**ADMX_ErrorReporting/WerBypassDataThrottling_2**
@@ -653,7 +653,7 @@ If you disable or don't configure this policy setting, WER throttles data by def
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not throttle additional data*
- GP name: *WerBypassDataThrottling_2*
- GP path: *Windows Components\Windows Error Reporting*
@@ -664,7 +664,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1**
+**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1**
@@ -699,7 +699,7 @@ If you disable or don't configure this policy setting, WER doesn't send data, bu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Send data when on connected to a restricted/costed network*
- GP name: *WerBypassNetworkCostThrottling_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -710,7 +710,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2**
+**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2**
@@ -745,7 +745,7 @@ If you disable or don't configure this policy setting, WER doesn't send data, bu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Send data when on connected to a restricted/costed network*
- GP name: *WerBypassNetworkCostThrottling_2*
- GP path: *Windows Components\Windows Error Reporting*
@@ -756,7 +756,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassPowerThrottling_1**
+**ADMX_ErrorReporting/WerBypassPowerThrottling_1**
@@ -791,7 +791,7 @@ If you disable or don't configure this policy setting, WER checks for solutions
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Send additional data when on battery power*
- GP name: *WerBypassPowerThrottling_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -802,7 +802,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassPowerThrottling_2**
+**ADMX_ErrorReporting/WerBypassPowerThrottling_2**
@@ -837,7 +837,7 @@ If you disable or don't configure this policy setting, WER checks for solutions
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Send additional data when on battery power*
- GP name: *WerBypassPowerThrottling_2*
- GP path: *Windows Components\Windows Error Reporting*
@@ -848,7 +848,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerCER**
+**ADMX_ErrorReporting/WerCER**
@@ -883,7 +883,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Corporate Windows Error Reporting*
- GP name: *WerCER*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -894,7 +894,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerConsentCustomize_1**
+**ADMX_ErrorReporting/WerConsentCustomize_1**
@@ -935,7 +935,7 @@ If you disable or don't configure this policy setting, then the default consent
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Customize consent settings*
- GP name: *WerConsentCustomize_1*
- GP path: *Windows Components\Windows Error Reporting\Consent*
@@ -946,7 +946,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerConsentOverride_1**
+**ADMX_ErrorReporting/WerConsentOverride_1**
@@ -981,7 +981,7 @@ If you disable or don't configure this policy setting, custom consent policy set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ignore custom consent settings*
- GP name: *WerConsentOverride_1*
- GP path: *Windows Components\Windows Error Reporting\Consent*
@@ -992,7 +992,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerConsentOverride_2**
+**ADMX_ErrorReporting/WerConsentOverride_2**
@@ -1027,7 +1027,7 @@ If you disable or don't configure this policy setting, custom consent policy set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ignore custom consent settings*
- GP name: *WerConsentOverride_2*
- GP path: *Windows Components\Windows Error Reporting\Consent*
@@ -1038,7 +1038,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerDefaultConsent_1**
+**ADMX_ErrorReporting/WerDefaultConsent_1**
@@ -1078,7 +1078,7 @@ If this policy setting is disabled or not configured, then the consent level def
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Default consent*
- GP name: *WerDefaultConsent_1*
- GP path: *Windows Components\Windows Error Reporting\Consent*
@@ -1089,7 +1089,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerDefaultConsent_2**
+**ADMX_ErrorReporting/WerDefaultConsent_2**
@@ -1129,7 +1129,7 @@ If this policy setting is disabled or not configured, then the consent level def
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Default consent*
- GP name: *WerDefaultConsent_2*
- GP path: *Windows Components\Windows Error Reporting\Consent*
@@ -1140,7 +1140,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerDisable_1**
+**ADMX_ErrorReporting/WerDisable_1**
@@ -1175,7 +1175,7 @@ If you disable or don't configure this policy setting, the Turn off Windows Erro
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable Windows Error Reporting*
- GP name: *WerDisable_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -1186,7 +1186,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerExlusion_1**
+**ADMX_ErrorReporting/WerExlusion_1**
@@ -1222,7 +1222,7 @@ If you disable or don't configure this policy setting, errors are reported on al
-ADMX Info:
+ADMX Info:
- GP Friendly name: *List of applications to be excluded*
- GP name: *WerExlusion_1*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -1233,7 +1233,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerExlusion_2**
+**ADMX_ErrorReporting/WerExlusion_2**
@@ -1268,7 +1268,7 @@ If you disable or don't configure this policy setting, errors are reported on al
-ADMX Info:
+ADMX Info:
- GP Friendly name: *List of applications to be excluded*
- GP name: *WerExlusion_2*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -1279,7 +1279,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerNoLogging_1**
+**ADMX_ErrorReporting/WerNoLogging_1**
@@ -1314,7 +1314,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting e
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable logging*
- GP name: *WerNoLogging_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -1325,7 +1325,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerNoLogging_2**
+**ADMX_ErrorReporting/WerNoLogging_2**
@@ -1360,7 +1360,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting e
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable logging*
- GP name: *WerNoLogging_2*
- GP path: *Windows Components\Windows Error Reporting*
@@ -1371,7 +1371,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerNoSecondLevelData_1**
+**ADMX_ErrorReporting/WerNoSecondLevelData_1**
@@ -1406,7 +1406,7 @@ If you disable or don't configure this policy setting, then consent policy setti
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not send additional data*
- GP name: *WerNoSecondLevelData_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -1417,7 +1417,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerQueue_1**
+**ADMX_ErrorReporting/WerQueue_1**
@@ -1454,7 +1454,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting r
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Report Queue*
- GP name: *WerQueue_1*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -1465,7 +1465,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerQueue_2**
+**ADMX_ErrorReporting/WerQueue_2**
@@ -1502,7 +1502,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting r
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Report Queue*
- GP name: *WerQueue_2*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
index 627492ca73..5e65d7883b 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/17/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -18,13 +18,13 @@ manager: aaroncz
-## ADMX_EventForwarding policies
+## ADMX_EventForwarding policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -40,7 +40,7 @@ manager: aaroncz
-**ADMX_EventForwarding/ForwarderResourceUsage**
+**ADMX_EventForwarding/ForwarderResourceUsage**
@@ -78,7 +78,7 @@ This setting applies across all subscriptions for the forwarder (source computer
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure forwarder resource usage*
- GP name: *ForwarderResourceUsage*
- GP path: *Windows Components/Event Forwarding*
@@ -91,7 +91,7 @@ ADMX Info:
-**ADMX_EventForwarding/SubscriptionManager**
+**ADMX_EventForwarding/SubscriptionManager**
@@ -121,7 +121,7 @@ This policy setting allows you to configure the server address, refresh interval
If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics.
-Use the following syntax when using the HTTPS protocol:
+Use the following syntax when using the HTTPS protocol:
``` syntax
Server=https://:5986/wsman/SubscriptionManager/WEC,Refresh=,IssuerCA=.
@@ -135,7 +135,7 @@ If you disable or don't configure this policy setting, the Event Collector compu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure target Subscription Manager*
- GP name: *SubscriptionManager*
- GP path: *Windows Components/Event Forwarding*
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md
index 471b6a5631..67892620cd 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlog.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/01/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_EventLog policies
+## ADMX_EventLog policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -96,7 +96,7 @@ manager: aaroncz
-**ADMX_EventLog/Channel_LogEnabled**
+**ADMX_EventLog/Channel_LogEnabled**
@@ -126,7 +126,7 @@ This policy setting turns on logging.
If you enable or don't configure this policy setting, then events can be written to this log.
-If the policy setting is disabled, then no new events can be logged.
+If the policy setting is disabled, then no new events can be logged.
>[!Note]
> Events can always be read from the log, regardless of this policy setting.
@@ -134,7 +134,7 @@ If the policy setting is disabled, then no new events can be logged.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on logging*
- GP name: *Channel_LogEnabled*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -145,7 +145,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_LogFilePath_1**
+**ADMX_EventLog/Channel_LogFilePath_1**
@@ -180,7 +180,7 @@ If you disable or don't configure this policy setting, the Event Log uses the fo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control the location of the log file*
- GP name: *Channel_LogFilePath_1*
- GP path: *Windows Components\Event Log Service\Application*
@@ -191,7 +191,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_LogFilePath_2**
+**ADMX_EventLog/Channel_LogFilePath_2**
@@ -226,7 +226,7 @@ If you disable or don't configure this policy setting, the Event Log uses the fo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control the location of the log file*
- GP name: *Channel_LogFilePath_2*
- GP path: *Windows Components\Event Log Service\Security*
@@ -237,7 +237,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_LogFilePath_3**
+**ADMX_EventLog/Channel_LogFilePath_3**
@@ -272,7 +272,7 @@ If you disable or don't configure this policy setting, the Event Log uses the fo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control the location of the log file*
- GP name: *Channel_LogFilePath_3*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -283,7 +283,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_LogFilePath_4**
+**ADMX_EventLog/Channel_LogFilePath_4**
@@ -318,7 +318,7 @@ If you disable or don't configure this policy setting, the Event Log uses the fo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on logging*
- GP name: *Channel_LogFilePath_4*
- GP path: *Windows Components\Event Log Service\System*
@@ -329,7 +329,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_LogMaxSize_3**
+**ADMX_EventLog/Channel_LogMaxSize_3**
@@ -364,7 +364,7 @@ If you disable or don't configure this policy setting, the maximum size of the l
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the maximum log file size (KB)*
- GP name: *Channel_LogMaxSize_3*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -375,7 +375,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_AutoBackup_1**
+**ADMX_EventLog/Channel_Log_AutoBackup_1**
@@ -412,7 +412,7 @@ If you don't configure this policy setting and the "Retain old events" policy se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Back up log automatically when full*
- GP name: *Channel_Log_AutoBackup_1*
- GP path: *Windows Components\Event Log Service\Application*
@@ -423,7 +423,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_AutoBackup_2**
+**ADMX_EventLog/Channel_Log_AutoBackup_2**
@@ -460,7 +460,7 @@ If you don't configure this policy setting and the "Retain old events" policy se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Back up log automatically when full*
- GP name: *Channel_Log_AutoBackup_2*
- GP path: *Windows Components\Event Log Service\Security*
@@ -471,7 +471,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_AutoBackup_3**
+**ADMX_EventLog/Channel_Log_AutoBackup_3**
@@ -508,7 +508,7 @@ If you don't configure this policy setting and the "Retain old events" policy se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Back up log automatically when full*
- GP name: *Channel_Log_AutoBackup_3*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -519,7 +519,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_AutoBackup_4**
+**ADMX_EventLog/Channel_Log_AutoBackup_4**
@@ -556,7 +556,7 @@ If you don't configure this policy setting and the "Retain old events" policy se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Back up log automatically when full*
- GP name: *Channel_Log_AutoBackup_4*
- GP path: *Windows Components\Event Log Service\System*
@@ -567,7 +567,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_1**
+**ADMX_EventLog/Channel_Log_FileLogAccess_1**
@@ -605,7 +605,7 @@ If you disable or don't configure this policy setting, all authenticated users a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access*
- GP name: *Channel_Log_FileLogAccess_1*
- GP path: *Windows Components\Event Log Service\Application*
@@ -616,7 +616,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_2**
+**ADMX_EventLog/Channel_Log_FileLogAccess_2**
@@ -654,7 +654,7 @@ If you disable or don't configure this policy setting, only system software and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access*
- GP name: *Channel_Log_FileLogAccess_2*
- GP path: *Windows Components\Event Log Service\Security*
@@ -665,7 +665,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_3**
+**ADMX_EventLog/Channel_Log_FileLogAccess_3**
@@ -703,7 +703,7 @@ If you disable or don't configure this policy setting, all authenticated users a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access*
- GP name: *Channel_Log_FileLogAccess_3*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -714,7 +714,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_4**
+**ADMX_EventLog/Channel_Log_FileLogAccess_4**
@@ -752,7 +752,7 @@ If you disable or don't configure this policy setting, only system software and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access*
- GP name: *Channel_Log_FileLogAccess_4*
- GP path: *Windows Components\Event Log Service\System*
@@ -763,7 +763,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_5**
+**ADMX_EventLog/Channel_Log_FileLogAccess_5**
@@ -800,7 +800,7 @@ If you don't configure this policy setting, the previous policy setting configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access (legacy)*
- GP name: *Channel_Log_FileLogAccess_5*
- GP path: *Windows Components\Event Log Service\Application*
@@ -811,7 +811,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_6**
+**ADMX_EventLog/Channel_Log_FileLogAccess_6**
@@ -848,7 +848,7 @@ If you don't configure this policy setting, the previous policy setting configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access (legacy)*
- GP name: *Channel_Log_FileLogAccess_6*
- GP path: *Windows Components\Event Log Service\Security*
@@ -859,7 +859,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_7**
+**ADMX_EventLog/Channel_Log_FileLogAccess_7**
@@ -896,7 +896,7 @@ If you don't configure this policy setting, the previous policy setting configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access (legacy)*
- GP name: *Channel_Log_FileLogAccess_7*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -907,7 +907,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_8**
+**ADMX_EventLog/Channel_Log_FileLogAccess_8**
@@ -944,7 +944,7 @@ If you don't configure this policy setting, the previous policy setting configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access (legacy)*
- GP name: *Channel_Log_FileLogAccess_8*
- GP path: *Windows Components\Event Log Service\System*
@@ -955,7 +955,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_Retention_2**
+**ADMX_EventLog/Channel_Log_Retention_2**
@@ -993,7 +993,7 @@ If you disable or don't configure this policy setting and a log file reaches its
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size*
- GP name: *Channel_Log_Retention_2*
- GP path: *Windows Components\Event Log Service\Security*
@@ -1004,7 +1004,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_Retention_3**
+**ADMX_EventLog/Channel_Log_Retention_3**
@@ -1042,7 +1042,7 @@ If you disable or don't configure this policy setting and a log file reaches its
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size*
- GP name: *Channel_Log_Retention_3*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -1053,7 +1053,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_Retention_4**
+**ADMX_EventLog/Channel_Log_Retention_4**
@@ -1092,7 +1092,7 @@ If you disable or don't configure this policy setting and a log file reaches its
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size*
- GP name: *Channel_Log_Retention_4*
- GP path: *Windows Components\Event Log Service\System*
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
index 03921b2021..2ab2eeaca2 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/12/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_EventLogging
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_EventLogging policies
+## ADMX_EventLogging policies
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_EventLogging/EnableProtectedEventLogging**
+**ADMX_EventLogging/EnableProtectedEventLogging**
@@ -62,18 +62,18 @@ manager: aaroncz
-This policy setting lets you configure Protected Event Logging.
+This policy setting lets you configure Protected Event Logging.
-If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide.
+If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide.
-You can use the `Unprotect-CmsMessage` PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with.
+You can use the `Unprotect-CmsMessage` PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with.
If you disable or don't configure this policy setting, components won't encrypt event log messages before writing them to the event log.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Protected Event Logging*
- GP name: *EnableProtectedEventLogging*
- GP path: *Windows Components\Event Logging*
diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
index a3979738bd..5745240332 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/13/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_EventViewer
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_EventViewer policies
+## ADMX_EventViewer policies
@@ -42,7 +42,7 @@ manager: aaroncz
-**ADMX_EventViewer/EventViewer_RedirectionProgram**
+**ADMX_EventViewer/EventViewer_RedirectionProgram**
@@ -71,10 +71,10 @@ manager: aaroncz
This program is the one that will be invoked when the user clicks the `events.asp` link.
-
-
+
+
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Events.asp program*
- GP name: *EventViewer_RedirectionProgram*
- GP path: *Windows Components\Event Viewer*
@@ -85,7 +85,7 @@ ADMX Info:
-**ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters**
+**ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters**
@@ -116,7 +116,7 @@ This program specifies the command line parameters that will be passed to the `e
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Events.asp program command line parameters*
- GP name: *EventViewer_RedirectionProgramCommandLineParameters*
- GP path: *Windows Components\Event Viewer*
@@ -127,7 +127,7 @@ ADMX Info:
-**ADMX_EventViewer/EventViewer_RedirectionURL**
+**ADMX_EventViewer/EventViewer_RedirectionURL**
@@ -157,10 +157,10 @@ This URL is the one that will be passed to the Description area in the Event Pro
Change this value if you want to use a different Web server to handle event information requests.
-
+
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Events.asp URL*
- GP name: *EventViewer_RedirectionURL*
- GP path: *Windows Components\Event Viewer*
diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md
index c3be668f23..010a1a10ef 100644
--- a/windows/client-management/mdm/policy-csp-admx-explorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-explorer.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/08/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_Explorer policies
+## ADMX_Explorer policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -48,7 +48,7 @@ manager: aaroncz
-**ADMX_Explorer/AdminInfoUrl**
+**ADMX_Explorer/AdminInfoUrl**
@@ -79,7 +79,7 @@ This policy setting sets the target of the More Information link that will be di
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set a support web page link*
- GP name: *AdminInfoUrl*
- GP path: *Windows Components\File Explorer*
@@ -90,7 +90,7 @@ ADMX Info:
-**ADMX_Explorer/AlwaysShowClassicMenu**
+**ADMX_Explorer/AlwaysShowClassicMenu**
@@ -123,13 +123,13 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting co
If you enable this policy setting, the menu bar will be displayed in File Explorer.
-If you disable or don't configure this policy setting, the menu bar won't be displayed in File Explorer.
+If you disable or don't configure this policy setting, the menu bar won't be displayed in File Explorer.
> [!NOTE]
> When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display the menu bar in File Explorer*
- GP name: *AlwaysShowClassicMenu*
- GP path: *Windows Components\File Explorer*
@@ -140,7 +140,7 @@ ADMX Info:
-**ADMX_Explorer/DisableRoamedProfileInit**
+**ADMX_Explorer/DisableRoamedProfileInit**
@@ -173,7 +173,7 @@ If you enable this policy setting on a machine that doesn't contain all programs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time*
- GP name: *DisableRoamedProfileInit*
- GP path: *Windows Components\File Explorer*
@@ -184,7 +184,7 @@ ADMX Info:
-**ADMX_Explorer/PreventItemCreationInUsersFilesFolder**
+**ADMX_Explorer/PreventItemCreationInUsersFilesFolder**
@@ -222,7 +222,7 @@ If you disable or don't configure this policy setting, users will be able to add
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from adding files to the root of their Users Files folder.*
- GP name: *PreventItemCreationInUsersFilesFolder*
- GP path: *Windows Components\File Explorer*
@@ -233,7 +233,7 @@ ADMX Info:
-**ADMX_Explorer/TurnOffSPIAnimations**
+**ADMX_Explorer/TurnOffSPIAnimations**
@@ -259,14 +259,14 @@ ADMX Info:
-This policy is similar to settings directly available to computer users.
+This policy is similar to settings directly available to computer users.
Disabling animations can improve usability for users with some visual disabilities, and also improve performance and battery life in some scenarios.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off common control and window animations*
- GP name: *TurnOffSPIAnimations*
- GP path: *Windows Components\File Explorer*
diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md
index 7d85473280..62cc01fcfd 100644
--- a/windows/client-management/mdm/policy-csp-admx-externalboot.md
+++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md
@@ -8,23 +8,23 @@ ms.technology: windows
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/13/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_ExternalBoot
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## Policy CSP - ADMX_ExternalBoot
+## Policy CSP - ADMX_ExternalBoot
@@ -44,7 +44,7 @@ manager: aaroncz
-**ADMX_ExternalBoot/PortableOperatingSystem_Hibernate**
+**ADMX_ExternalBoot/PortableOperatingSystem_Hibernate**
@@ -70,9 +70,9 @@ manager: aaroncz
-This policy specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace.
+This policy specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace.
-If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.
+If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.
If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, and can't hibernate the PC.
@@ -81,7 +81,7 @@ If you disable or don't configure this setting, Windows, when started from a Win
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow hibernate (S4) when starting from a Windows To Go workspace*
- GP name: *PortableOperatingSystem_Hibernate*
- GP path: *Windows Components\Portable Operating System*
@@ -93,7 +93,7 @@ ADMX Info:
-**ADMX_ExternalBoot/PortableOperatingSystem_Sleep**
+**ADMX_ExternalBoot/PortableOperatingSystem_Sleep**
@@ -119,16 +119,16 @@ ADMX Info:
-This policy specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace.
+This policy specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace.
-If you enable this setting, Windows, when started from a Windows To Go workspace, can't use standby states to make the PC sleep.
+If you enable this setting, Windows, when started from a Windows To Go workspace, can't use standby states to make the PC sleep.
If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, can use standby states to make the PC sleep.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace*
- GP name: *PortableOperatingSystem_Sleep*
- GP path: *Windows Components\Portable Operating System*
@@ -140,7 +140,7 @@ ADMX Info:
-**ADMX_ExternalBoot/PortableOperatingSystem_Launcher**
+**ADMX_ExternalBoot/PortableOperatingSystem_Launcher**
@@ -166,18 +166,18 @@ ADMX Info:
-This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item.
+This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item.
-If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item.
+If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item.
-If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration.
+If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration.
If you don't configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Windows To Go Default Startup Options*
- GP name: *PortableOperatingSystem_Launcher*
- GP path: *Windows Components\Portable Operating System*
diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
index e81f6e1043..8ea5d19c93 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
@@ -8,17 +8,17 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 03/24/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_FileRecovery
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -33,7 +33,7 @@ manager: aaroncz
-**ADMX_FileRecovery/WdiScenarioExecutionPolicy**
+**ADMX_FileRecovery/WdiScenarioExecutionPolicy**
@@ -65,7 +65,7 @@ manager: aaroncz
-ADMX Info:
+ADMX Info:
- GP ADMX file name: *FileRecovery.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
index 6cf18b696b..e35b11f6d0 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
@@ -8,17 +8,17 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/13/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_FileRevocation
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -34,7 +34,7 @@ manager: aaroncz
-**ADMX_FileRevocation/DelegatedPackageFamilyNames**
+**ADMX_FileRevocation/DelegatedPackageFamilyNames**
@@ -58,14 +58,14 @@ manager: aaroncz
-Windows Runtime applications can protect content that has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format.
-Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy`
+Windows Runtime applications can protect content that has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format.
+Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy`
-If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device.
+If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device.
-If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app.
+If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app.
-Any other Windows Runtime application will only be able to revoke access to content it protected.
+Any other Windows Runtime application will only be able to revoke access to content it protected.
> [!NOTE]
> Information the user should notice even if skimmingFile revocation applies to all content protected under the same second level domain as the provided enterprise identifier. Therefore, revoking an enterprise ID of `mail.contoso.com` will revoke the user’s access to all content protected under the contoso.com hierarchy.
@@ -73,7 +73,7 @@ Any other Windows Runtime application will only be able to revoke access to cont
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow Windows Runtime apps to revoke enterprise data.*
- GP name: *DelegatedPackageFamilyNames*
- GP path: *Windows Components\File Revocation*
diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
index 5f9d1741bd..19ebcb25d5 100644
--- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
+++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/02/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_FileServerVSSProvider
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_FileServerVSSProvider policies
+## ADMX_FileServerVSSProvider policies
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_FileServerVSSProvider/Pol_EncryptProtocol**
+**ADMX_FileServerVSSProvider/Pol_EncryptProtocol**
@@ -66,7 +66,7 @@ This policy setting determines whether the RPC protocol messages used by VSS for
VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares.
-By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
+By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
> [!NOTE]
> To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service.
@@ -74,7 +74,7 @@ By default, the RPC protocol message between File Server VSS provider and File S
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.*
- GP name: *Pol_EncryptProtocol*
- GP path: *System/File Share Shadow Copy Provider*
diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md
index e5c5587bc2..7cb1659741 100644
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/02/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,14 +17,14 @@ manager: aaroncz
-## ADMX_FileSys policies
+## ADMX_FileSys policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -57,7 +57,7 @@ manager: aaroncz
-**ADMX_FileSys/DisableCompression**
+**ADMX_FileSys/DisableCompression**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -81,13 +81,13 @@ manager: aaroncz
-Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
+Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow compression on all NTFS volumes*
- GP name: *DisableCompression*
- GP path: *System/Filesystem/NTFS*
@@ -98,7 +98,7 @@ ADMX Info:
-**ADMX_FileSys/DisableDeleteNotification**
+**ADMX_FileSys/DisableDeleteNotification**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -131,7 +131,7 @@ A value of 1 will disable delete notifications for all volumes.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable delete notifications on all volumes*
- GP name: *DisableDeleteNotification*
- GP path: *System/Filesystem*
@@ -142,7 +142,7 @@ ADMX Info:
-**ADMX_FileSys/DisableEncryption**
+**ADMX_FileSys/DisableEncryption**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -166,12 +166,12 @@ ADMX Info:
-Encryption can add to the processing overhead of filesystem operations.
+Encryption can add to the processing overhead of filesystem operations.
Enabling this setting will prevent access to and creation of encrypted files.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow encryption on all NTFS volumes*
- GP name: *DisableEncryption*
- GP path: *System/Filesystem/NTFS*
@@ -182,7 +182,7 @@ ADMX Info:
-**ADMX_FileSys/EnablePagefileEncryption**
+**ADMX_FileSys/EnablePagefileEncryption**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -206,14 +206,14 @@ ADMX Info:
-Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations.
+Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations.
Enabling this setting will cause the page files to be encrypted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable NTFS pagefile encryption*
- GP name: *EnablePagefileEncryption*
- GP path: *System/Filesystem/NTFS*
@@ -224,7 +224,7 @@ ADMX Info:
-**ADMX_FileSys/LongPathsEnabled**
+**ADMX_FileSys/LongPathsEnabled**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -248,14 +248,14 @@ ADMX Info:
-Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it.
+Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it.
Enabling this setting will cause the long paths to be accessible within the process.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Win32 long paths*
- GP name: *LongPathsEnabled*
- GP path: *System/Filesystem*
@@ -266,7 +266,7 @@ ADMX Info:
-**ADMX_FileSys/ShortNameCreationSettings**
+**ADMX_FileSys/ShortNameCreationSettings**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -292,14 +292,14 @@ ADMX Info:
This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
-If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume.
+If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume.
If you disable short name creation on all data volumes, then short names will only be generated for files created on the system volume.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Short name creation options*
- GP name: *ShortNameCreationSettings*
- GP path: *System/Filesystem/NTFS*
@@ -310,7 +310,7 @@ ADMX Info:
-**ADMX_FileSys/SymlinkEvaluation**
+**ADMX_FileSys/SymlinkEvaluation**
|Edition|Windows 10|Windows 11|
@@ -335,7 +335,7 @@ ADMX Info:
-Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:
+Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:
- Local Link to a Local Target
- Local Link to a Remote Target
@@ -350,7 +350,7 @@ For more information, see the Windows Help section.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Selectively allow the evaluation of a symbolic link*
- GP name: *SymlinkEvaluation*
- GP path: *System/Filesystem*
@@ -361,7 +361,7 @@ ADMX Info:
-**ADMX_FileSys/TxfDeprecatedFunctionality**
+**ADMX_FileSys/TxfDeprecatedFunctionality**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -391,7 +391,7 @@ TXF deprecated features included savepoints, secondary RM, miniversion and roll
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable / disable TXF deprecated features*
- GP name: *TxfDeprecatedFunctionality*
- GP path: *System/Filesystem/NTFS*
diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
index cca8d67c3b..c61d424741 100644
--- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md
+++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/02/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_FolderRedirection policies
+## ADMX_FolderRedirection policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -54,7 +54,7 @@ manager: aaroncz
-**ADMX_FolderRedirection/DisableFRAdminPin**
+**ADMX_FolderRedirection/DisableFRAdminPin**
|Edition|Windows 10|Windows 11|
@@ -81,12 +81,12 @@ manager: aaroncz
This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default.
-If you enable this policy setting, users must manually select the files they wish to make available offline.
+If you enable this policy setting, users must manually select the files they wish to make available offline.
-If you disable or don't configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline.
+If you disable or don't configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline.
> [!NOTE]
-> This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface.
+> This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface.
>
> Don't enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable.
>
@@ -95,7 +95,7 @@ If you disable or don't configure this policy setting, redirected shell folders
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not automatically make all redirected folders available offline*
- GP name: *DisableFRAdminPin*
- GP path: *System/Folder Redirection*
@@ -106,7 +106,7 @@ ADMX Info:
-**ADMX_FolderRedirection/DisableFRAdminPinByFolder**
+**ADMX_FolderRedirection/DisableFRAdminPinByFolder**
|Edition|Windows 10|Windows 11|
@@ -145,7 +145,7 @@ If you disable or don't configure this policy setting, all redirected shell fold
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not automatically make specific redirected folders available offline*
- GP name: *DisableFRAdminPinByFolder*
- GP path: *System/Folder Redirection*
@@ -156,7 +156,7 @@ ADMX Info:
-**ADMX_FolderRedirection/FolderRedirectionEnableCacheRename**
+**ADMX_FolderRedirection/FolderRedirectionEnableCacheRename**
@@ -191,7 +191,7 @@ If you disable or don't configure this policy setting, when the path to a redire
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable optimized move of contents in Offline Files cache on Folder Redirection server path change*
- GP name: *FolderRedirectionEnableCacheRename*
- GP path: *System/Folder Redirection*
@@ -202,7 +202,7 @@ ADMX Info:
-**ADMX_FolderRedirection/LocalizeXPRelativePaths_1**
+**ADMX_FolderRedirection/LocalizeXPRelativePaths_1**
@@ -240,7 +240,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use localized subfolder names when redirecting Start Menu and My Documents*
- GP name: *LocalizeXPRelativePaths_1*
- GP path: *System/Folder Redirection*
@@ -251,7 +251,7 @@ ADMX Info:
-**ADMX_FolderRedirection/LocalizeXPRelativePaths_2**
+**ADMX_FolderRedirection/LocalizeXPRelativePaths_2**
@@ -289,7 +289,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use localized subfolder names when redirecting Start Menu and My Documents*
- GP name: *LocalizeXPRelativePaths_2*
- GP path: *System/Folder Redirection*
@@ -300,7 +300,7 @@ ADMX Info:
-**ADMX_FolderRedirection/PrimaryComputer_FR_1**
+**ADMX_FolderRedirection/PrimaryComputer_FR_1**
|Edition|Windows 10|Windows 11|
@@ -339,7 +339,7 @@ If you disable or don't configure this policy setting and the user has redirecte
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Redirect folders on primary computers only*
- GP name: *PrimaryComputer_FR_1*
- GP path: *System/Folder Redirection*
@@ -350,7 +350,7 @@ ADMX Info:
-**ADMX_FolderRedirection/PrimaryComputer_FR_2**
+**ADMX_FolderRedirection/PrimaryComputer_FR_2**
|Edition|Windows 10|Windows 11|
@@ -390,7 +390,7 @@ If you disable or don't configure this policy setting and the user has redirecte
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Redirect folders on primary computers only*
- GP name: *PrimaryComputer_FR_2*
- GP path: *System/Folder Redirection*
diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md
index a30e0b8b87..af389b9bdc 100644
--- a/windows/client-management/mdm/policy-csp-admx-framepanes.md
+++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/14/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_FramePanes
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_FramePanes policies
+## ADMX_FramePanes policies
-**ADMX_FramePanes/NoReadingPane**
+**ADMX_FramePanes/NoReadingPane**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -62,23 +62,23 @@ manager: aaroncz
-This policy setting shows or hides the Details Pane in File Explorer.
+This policy setting shows or hides the Details Pane in File Explorer.
-If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user.
+If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user.
-If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user.
+If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user.
> [!NOTE]
-> This has a side effect of not being able to toggle to the Preview Pane since the two can't be displayed at the same time.
+> This has a side effect of not being able to toggle to the Preview Pane since the two can't be displayed at the same time.
If you disable, or don't configure this policy setting, the Details Pane is hidden by default and can be displayed by the user.
This setting is the default policy setting.
-
+
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on or off details pane*
- GP name: *NoReadingPane*
- GP path: *Windows Components\File Explorer\Explorer Frame Pane*
@@ -89,7 +89,7 @@ ADMX Info:
-**ADMX_FramePanes/NoPreviewPane**
+**ADMX_FramePanes/NoPreviewPane**
|Edition|Windows 10|Windows 11|
@@ -114,16 +114,16 @@ ADMX Info:
-Hides the Preview Pane in File Explorer.
+Hides the Preview Pane in File Explorer.
-If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user.
+If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user.
If you disable, or don't configure this setting, the Preview Pane is hidden by default and can be displayed by the user.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Preview Pane*
- GP name: *NoPreviewPane*
- GP path: *Windows Components\File Explorer\Explorer Frame Pane*
diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
index d571a60d05..47dbc15310 100644
--- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/15/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_FTHSVC
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_FTHSVC policies
+## ADMX_FTHSVC policies
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_FTHSVC/WdiScenarioExecutionPolicy**
+**ADMX_FTHSVC/WdiScenarioExecutionPolicy**
@@ -61,23 +61,23 @@ manager: aaroncz
-This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems.
+This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems.
-If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems.
+If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems.
-If you disable this policy setting, Windows can't detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS.
+If you disable this policy setting, Windows can't detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS.
-If you don't configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default.
+If you don't configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default.
-This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
-This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
-The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
+The DPS can be configured with the Services snap-in to the Microsoft Management Console.
No system restart or service restart is required for this policy setting to take effect: changes take effect immediately.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Fault Tolerant Heap*
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index 51540ef8ab..a16529e681 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/14/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_Globalization policies
+## ADMX_Globalization policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -105,7 +105,7 @@ manager: aaroncz
-**ADMX_Globalization/BlockUserInputMethodsForSignIn**
+**ADMX_Globalization/BlockUserInputMethodsForSignIn**
@@ -143,7 +143,7 @@ If the policy is disabled or not configured, then the user will be able to use i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow copying of user input methods to the system account for sign-in*
- GP name: *BlockUserInputMethodsForSignIn*
- GP path: *System\Locale Services*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_Globalization/CustomLocalesNoSelect_1**
+**ADMX_Globalization/CustomLocalesNoSelect_1**
@@ -197,7 +197,7 @@ To set this policy setting on a per-user basis, make sure that you don't configu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow selection of Custom Locales*
- GP name: *CustomLocalesNoSelect_1*
- GP path: *System\Locale Services*
@@ -208,7 +208,7 @@ ADMX Info:
-**ADMX_Globalization/CustomLocalesNoSelect_2**
+**ADMX_Globalization/CustomLocalesNoSelect_2**
@@ -251,7 +251,7 @@ To set this policy setting on a per-user basis, make sure that you don't configu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow selection of Custom Locales*
- GP name: *CustomLocalesNoSelect_2*
- GP path: *System\Locale Services*
@@ -262,7 +262,7 @@ ADMX Info:
-**ADMX_Globalization/HideAdminOptions**
+**ADMX_Globalization/HideAdminOptions**
@@ -305,7 +305,7 @@ If you disable or don't configure this policy setting, the user can see the Admi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Regional and Language Options administrative options*
- GP name: *HideAdminOptions*
- GP path: *Control Panel\Regional and Language Options*
@@ -316,7 +316,7 @@ ADMX Info:
-**ADMX_Globalization/HideCurrentLocation**
+**ADMX_Globalization/HideCurrentLocation**
@@ -356,7 +356,7 @@ If you disable or don't configure this policy setting, the user sees the option
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the geographic location option*
- GP name: *HideCurrentLocation*
- GP path: *Control Panel\Regional and Language Options*
@@ -367,7 +367,7 @@ ADMX Info:
-**ADMX_Globalization/HideLanguageSelection**
+**ADMX_Globalization/HideLanguageSelection**
@@ -406,7 +406,7 @@ If you enable this policy setting, the user doesn't see the option for changing
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the select language group options*
- GP name: *HideLanguageSelection*
- GP path: *Control Panel\Regional and Language Options*
@@ -417,7 +417,7 @@ ADMX Info:
-**ADMX_Globalization/HideLocaleSelectAndCustomize**
+**ADMX_Globalization/HideLocaleSelectAndCustomize**
@@ -454,7 +454,7 @@ If you disable or don't configure this policy setting, the user sees the regiona
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide user locale selection and customization options*
- GP name: *HideLocaleSelectAndCustomize*
- GP path: *Control Panel\Regional and Language Options*
@@ -465,7 +465,7 @@ ADMX Info:
-**ADMX_Globalization/ImplicitDataCollectionOff_1**
+**ADMX_Globalization/ImplicitDataCollectionOff_1**
@@ -514,7 +514,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off automatic learning*
- GP name: *ImplicitDataCollectionOff_1*
- GP path: *Control Panel\Regional and Language Options\Handwriting personalization*
@@ -525,7 +525,7 @@ ADMX Info:
-**ADMX_Globalization/ImplicitDataCollectionOff_2**
+**ADMX_Globalization/ImplicitDataCollectionOff_2**
@@ -568,13 +568,13 @@ This policy setting is related to the "Turn off handwriting personalization" pol
> [!NOTE]
> The amount of stored ink is limited to 50 MB and the amount of text information to approximately 5 MB. When these limits are reached and new data is collected, old data is deleted to make room for more recent data.
->
+>
> Handwriting personalization works only for Microsoft handwriting recognizers, and not with third-party recognizers.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off automatic learning*
- GP name: *ImplicitDataCollectionOff_2*
- GP path: *Control Panel\Regional and Language Options\Handwriting personalization*
@@ -585,7 +585,7 @@ ADMX Info:
-**ADMX_Globalization/LocaleSystemRestrict**
+**ADMX_Globalization/LocaleSystemRestrict**
@@ -622,7 +622,7 @@ If you disable or don't configure this policy setting, administrators can select
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict system locales*
- GP name: *LocaleSystemRestrict*
- GP path: *System\Locale Services*
@@ -633,7 +633,7 @@ ADMX Info:
-**ADMX_Globalization/LocaleUserRestrict_1**
+**ADMX_Globalization/LocaleUserRestrict_1**
@@ -672,7 +672,7 @@ If you disable or don't configure this policy setting, users can select any loca
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict user locales*
- GP name: *LocaleUserRestrict_1*
- GP path: *System\Locale Services*
@@ -683,7 +683,7 @@ ADMX Info:
-**ADMX_Globalization/LocaleUserRestrict_2**
+**ADMX_Globalization/LocaleUserRestrict_2**
@@ -724,7 +724,7 @@ If this policy setting is enabled at the computer level, it can't be disabled by
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict user locales*
- GP name: *LocaleUserRestrict_2*
- GP path: *System\Locale Services*
@@ -735,7 +735,7 @@ ADMX Info:
-**ADMX_Globalization/LockMachineUILanguage**
+**ADMX_Globalization/LockMachineUILanguage**
@@ -772,7 +772,7 @@ If you disable or don't configure this policy setting, the user can specify whic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restricts the UI language Windows uses for all logged users*
- GP name: *LockMachineUILanguage*
- GP path: *Control Panel\Regional and Language Options*
@@ -783,7 +783,7 @@ ADMX Info:
-**ADMX_Globalization/LockUserUILanguage**
+**ADMX_Globalization/LockUserUILanguage**
@@ -822,7 +822,7 @@ To enable this policy setting in Windows Server 2003, Windows XP, or Windows 200
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restricts the UI languages Windows should use for the selected user*
- GP name: *LockUserUILanguage*
- GP path: *Control Panel\Regional and Language Options*
@@ -833,7 +833,7 @@ ADMX Info:
-**ADMX_Globalization/PreventGeoIdChange_1**
+**ADMX_Globalization/PreventGeoIdChange_1**
@@ -872,7 +872,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow changing of geographic location*
- GP name: *PreventGeoIdChange_1*
- GP path: *System\Locale Services*
@@ -883,7 +883,7 @@ ADMX Info:
-**ADMX_Globalization/PreventGeoIdChange_2**
+**ADMX_Globalization/PreventGeoIdChange_2**
@@ -922,7 +922,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow changing of geographic location*
- GP name: *PreventGeoIdChange_2*
- GP path: *System\Locale Services*
@@ -933,7 +933,7 @@ ADMX Info:
-**ADMX_Globalization/PreventUserOverrides_1**
+**ADMX_Globalization/PreventUserOverrides_1**
@@ -976,7 +976,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow user override of locale settings*
- GP name: *PreventUserOverrides_1*
- GP path: *System\Locale Services*
@@ -987,7 +987,7 @@ ADMX Info:
-**ADMX_Globalization/PreventUserOverrides_2**
+**ADMX_Globalization/PreventUserOverrides_2**
@@ -1030,7 +1030,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow user override of locale settings*
- GP name: *PreventUserOverrides_2*
- GP path: *System\Locale Services*
@@ -1041,7 +1041,7 @@ ADMX Info:
-**ADMX_Globalization/RestrictUILangSelect**
+**ADMX_Globalization/RestrictUILangSelect**
@@ -1078,7 +1078,7 @@ If you disable or don't configure this policy setting, the logged-on user can ac
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict selection of Windows menus and dialogs language*
- GP name: *RestrictUILangSelect*
- GP path: *Control Panel\Regional and Language Options*
@@ -1089,7 +1089,7 @@ ADMX Info:
-**ADMX_Globalization/TurnOffAutocorrectMisspelledWords**
+**ADMX_Globalization/TurnOffAutocorrectMisspelledWords**
@@ -1127,7 +1127,7 @@ The availability and function of this setting is dependent on supported language
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off autocorrect misspelled words*
- GP name: *TurnOffAutocorrectMisspelledWords*
- GP path: *Control Panel\Regional and Language Options*
@@ -1138,7 +1138,7 @@ ADMX Info:
-**ADMX_Globalization/TurnOffHighlightMisspelledWords**
+**ADMX_Globalization/TurnOffHighlightMisspelledWords**
@@ -1177,7 +1177,7 @@ The availability and function of this setting is dependent on supported language
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off highlight misspelled words*
- GP name: *TurnOffHighlightMisspelledWords*
- GP path: *Control Panel\Regional and Language Options*
@@ -1188,7 +1188,7 @@ ADMX Info:
-**ADMX_Globalization/TurnOffInsertSpace**
+**ADMX_Globalization/TurnOffInsertSpace**
@@ -1226,7 +1226,7 @@ The availability and function of this setting is dependent on supported language
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off insert a space after selecting a text prediction*
- GP name: *TurnOffInsertSpace*
- GP path: *Control Panel\Regional and Language Options*
@@ -1237,7 +1237,7 @@ ADMX Info:
-**ADMX_Globalization/TurnOffOfferTextPredictions**
+**ADMX_Globalization/TurnOffOfferTextPredictions**
@@ -1276,7 +1276,7 @@ The availability and function of this setting is dependent on supported language
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off offer text predictions as I type*
- GP name: *TurnOffOfferTextPredictions*
- GP path: *Control Panel\Regional and Language Options*
@@ -1287,7 +1287,7 @@ ADMX Info:
-**ADMX_Globalization/Y2K**
+**ADMX_Globalization/Y2K**
@@ -1326,7 +1326,7 @@ If you disable or don't configure this policy setting, Windows doesn't interpret
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Century interpretation for Year 2000*
- GP name: *Y2K*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
index 986333d80f..63c71fdaa6 100644
--- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/21/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_GroupPolicy
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_GroupPolicy policies
+## ADMX_GroupPolicy policies
@@ -161,7 +161,7 @@ manager: aaroncz
-**ADMX_GroupPolicy/AllowX-ForestPolicy-and-RUP**
+**ADMX_GroupPolicy/AllowX-ForestPolicy-and-RUP**
@@ -207,7 +207,7 @@ If you disable this policy setting, the behavior is the same as if it isn't conf
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow cross-forest user policy and roaming user profiles*
- GP name: *AllowX-ForestPolicy-and-RUP*
- GP path: *System\Group Policy*
@@ -218,7 +218,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_AppMgmt**
+**ADMX_GroupPolicy/CSE_AppMgmt**
@@ -260,7 +260,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure software Installation policy processing*
- GP name: *CSE_AppMgmt*
- GP path: *System\Group Policy*
@@ -271,7 +271,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_DiskQuota**
+**ADMX_GroupPolicy/CSE_DiskQuota**
@@ -315,7 +315,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure disk quota policy processing*
- GP name: *CSE_DiskQuota*
- GP path: *System\Group Policy*
@@ -326,7 +326,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_EFSRecovery**
+**ADMX_GroupPolicy/CSE_EFSRecovery**
@@ -370,7 +370,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure EFS recovery policy processing*
- GP name: *CSE_EFSRecovery*
- GP path: *System\Group Policy*
@@ -381,7 +381,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_FolderRedirection**
+**ADMX_GroupPolicy/CSE_FolderRedirection**
@@ -423,7 +423,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure folder redirection policy processing*
- GP name: *CSE_FolderRedirection*
- GP path: *System\Group Policy*
@@ -434,7 +434,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_IEM**
+**ADMX_GroupPolicy/CSE_IEM**
@@ -478,7 +478,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Internet Explorer Maintenance policy processing*
- GP name: *CSE_IEM*
- GP path: *System\Group Policy*
@@ -489,7 +489,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_IPSecurity**
+**ADMX_GroupPolicy/CSE_IPSecurity**
@@ -533,7 +533,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure IP security policy processing*
- GP name: *CSE_IPSecurity*
- GP path: *System\Group Policy*
@@ -544,7 +544,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_Registry**
+**ADMX_GroupPolicy/CSE_Registry**
@@ -584,7 +584,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure registry policy processing*
- GP name: *CSE_Registry*
- GP path: *System\Group Policy*
@@ -595,7 +595,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_Scripts**
+**ADMX_GroupPolicy/CSE_Scripts**
@@ -637,7 +637,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure scripts policy processing*
- GP name: *CSE_Scripts*
- GP path: *System\Group Policy*
@@ -648,7 +648,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_Security**
+**ADMX_GroupPolicy/CSE_Security**
@@ -690,7 +690,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure security policy processing*
- GP name: *CSE_Security*
- GP path: *System\Group Policy*
@@ -701,7 +701,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_Wired**
+**ADMX_GroupPolicy/CSE_Wired**
@@ -747,7 +747,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure wired policy processing*
- GP name: *CSE_Wired*
- GP path: *System\Group Policy*
@@ -758,7 +758,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_Wireless**
+**ADMX_GroupPolicy/CSE_Wireless**
@@ -804,7 +804,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure wireless policy processing*
- GP name: *CSE_Wireless*
- GP path: *System\Group Policy*
@@ -815,7 +815,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CorpConnSyncWaitTime**
+**ADMX_GroupPolicy/CorpConnSyncWaitTime**
@@ -851,7 +851,7 @@ If you disable or don't configure this policy setting, Group Policy will use the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify workplace connectivity wait time for policy processing*
- GP name: *CorpConnSyncWaitTime*
- GP path: *System\Group Policy*
@@ -862,7 +862,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DenyRsopToInteractiveUser_1**
+**ADMX_GroupPolicy/DenyRsopToInteractiveUser_1**
@@ -907,7 +907,7 @@ If you disable or don't configure this policy setting, interactive users can gen
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Determine if interactive users can generate Resultant Set of Policy data*
- GP name: *DenyRsopToInteractiveUser_1*
- GP path: *System\Group Policy*
@@ -918,7 +918,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DenyRsopToInteractiveUser_2**
+**ADMX_GroupPolicy/DenyRsopToInteractiveUser_2**
@@ -963,7 +963,7 @@ If you disable or don't configure this policy setting, interactive users can gen
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Determine if interactive users can generate Resultant Set of Policy data*
- GP name: *DenyRsopToInteractiveUser_2*
- GP path: *System\Group Policy*
@@ -974,7 +974,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DisableAOACProcessing**
+**ADMX_GroupPolicy/DisableAOACProcessing**
@@ -1006,7 +1006,7 @@ This policy setting prevents the Group Policy Client Service from stopping when
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Group Policy Client Service AOAC optimization*
- GP name: *DisableAOACProcessing*
- GP path: *System\Group Policy*
@@ -1017,7 +1017,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DisableAutoADMUpdate**
+**ADMX_GroupPolicy/DisableAutoADMUpdate**
@@ -1064,7 +1064,7 @@ Files will always be copied to the GPO if they have a later timestamp.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off automatic update of ADM files*
- GP name: *DisableAutoADMUpdate*
- GP path: *System\Group Policy*
@@ -1075,7 +1075,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DisableBackgroundPolicy**
+**ADMX_GroupPolicy/DisableBackgroundPolicy**
@@ -1114,7 +1114,7 @@ If you disable or don't configure this policy setting, updates can be applied wh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off background refresh of Group Policy*
- GP name: *DisableBackgroundPolicy*
- GP path: *System\Group Policy*
@@ -1125,7 +1125,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DisableLGPOProcessing**
+**ADMX_GroupPolicy/DisableLGPOProcessing**
@@ -1166,7 +1166,7 @@ If you disable or don't configure this policy setting, Local GPOs continue to be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Local Group Policy Objects processing*
- GP name: *DisableLGPOProcessing*
- GP path: *System\Group Policy*
@@ -1177,7 +1177,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DisableUsersFromMachGP**
+**ADMX_GroupPolicy/DisableUsersFromMachGP**
@@ -1221,7 +1221,7 @@ Also, see the "Set Group Policy refresh interval for computers" policy setting t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove users' ability to invoke machine policy refresh*
- GP name: *DisableUsersFromMachGP*
- GP path: *System\Group Policy*
@@ -1232,7 +1232,7 @@ ADMX Info:
-**ADMX_GroupPolicy/EnableCDP**
+**ADMX_GroupPolicy/EnableCDP**
@@ -1270,7 +1270,7 @@ If you don't configure this policy setting, the default behavior depends on the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Continue experiences on this device*
- GP name: *EnableCDP*
- GP path: *System\Group Policy*
@@ -1281,7 +1281,7 @@ ADMX Info:
-**ADMX_GroupPolicy/EnableLogonOptimization**
+**ADMX_GroupPolicy/EnableLogonOptimization**
@@ -1321,7 +1321,7 @@ If you disable this policy setting, the Group Policy client won't cache applicab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Group Policy Caching*
- GP name: *EnableLogonOptimization*
- GP path: *System\Group Policy*
@@ -1332,7 +1332,7 @@ ADMX Info:
-**ADMX_GroupPolicy/EnableLogonOptimizationOnServerSKU**
+**ADMX_GroupPolicy/EnableLogonOptimizationOnServerSKU**
@@ -1372,7 +1372,7 @@ If you disable or don't configure this policy setting, the Group Policy client w
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Group Policy Caching for Servers*
- GP name: *EnableLogonOptimizationOnServerSKU*
- GP path: *System\Group Policy*
@@ -1383,7 +1383,7 @@ ADMX Info:
-**ADMX_GroupPolicy/EnableMMX**
+**ADMX_GroupPolicy/EnableMMX**
@@ -1421,7 +1421,7 @@ If you don't configure this policy setting, the default behavior depends on the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Phone-PC linking on this device*
- GP name: *EnableMMX*
- GP path: *System\Group Policy*
@@ -1432,7 +1432,7 @@ ADMX Info:
-**ADMX_GroupPolicy/EnforcePoliciesOnly**
+**ADMX_GroupPolicy/EnforcePoliciesOnly**
@@ -1475,7 +1475,7 @@ In Group Policy Object Editor, preferences have a red icon to distinguish them f
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enforce Show Policies Only*
- GP name: *EnforcePoliciesOnly*
- GP path: *System\Group Policy*
@@ -1486,7 +1486,7 @@ ADMX Info:
-**ADMX_GroupPolicy/FontMitigation**
+**ADMX_GroupPolicy/FontMitigation**
@@ -1512,7 +1512,7 @@ ADMX Info:
-This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory.
+This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory.
This feature can be configured to be in three modes: On, Off, and Audit. By default, it's Off and no fonts are blocked. If you aren't ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues.
@@ -1520,7 +1520,7 @@ This feature can be configured to be in three modes: On, Off, and Audit. By defa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Untrusted Font Blocking*
- GP name: *DisableUsersFromMachGP*
- GP path: *System\Mitigation Options*
@@ -1531,7 +1531,7 @@ ADMX Info:
-**ADMX_GroupPolicy/GPDCOptions**
+**ADMX_GroupPolicy/GPDCOptions**
@@ -1576,7 +1576,7 @@ If you disable this setting or don't configure it, the Group Policy Object Edito
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Group Policy domain controller selection*
- GP name: *GPDCOptions*
- GP path: *System\Group Policy*
@@ -1587,7 +1587,7 @@ ADMX Info:
-**ADMX_GroupPolicy/GPTransferRate_1**
+**ADMX_GroupPolicy/GPTransferRate_1**
@@ -1634,7 +1634,7 @@ Also, see the "Do not detect slow network connections" and related policies in C
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Group Policy slow link detection*
- GP name: *GPTransferRate_1*
- GP path: *System\Group Policy*
@@ -1645,7 +1645,7 @@ ADMX Info:
-**ADMX_GroupPolicy/GPTransferRate_2**
+**ADMX_GroupPolicy/GPTransferRate_2**
@@ -1683,7 +1683,7 @@ If you disable this setting or don't configure it, the system uses the default v
This setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder.
-Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile.
+Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile.
> [!NOTE]
> If the profile server has IP connectivity, the connection speed setting is used. If the profile server doesn't have IP connectivity, the SMB timing is used.
@@ -1692,7 +1692,7 @@ Also, see the "Do not detect slow network connections" and related policies in C
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Group Policy slow link detection*
- GP name: *GPTransferRate_2*
- GP path: *System\Group Policy*
@@ -1703,7 +1703,7 @@ ADMX Info:
-**ADMX_GroupPolicy/GroupPolicyRefreshRate**
+**ADMX_GroupPolicy/GroupPolicyRefreshRate**
@@ -1752,7 +1752,7 @@ This setting is only used when the "Turn off background refresh of Group Policy"
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Group Policy refresh interval for computers*
- GP name: *GroupPolicyRefreshRate*
- GP path: *System\Group Policy*
@@ -1763,7 +1763,7 @@ ADMX Info:
-**ADMX_GroupPolicy/GroupPolicyRefreshRateDC**
+**ADMX_GroupPolicy/GroupPolicyRefreshRateDC**
@@ -1806,7 +1806,7 @@ This setting also lets you specify how much the actual update interval varies. T
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Group Policy refresh interval for domain controllers*
- GP name: *GroupPolicyRefreshRateDC*
- GP path: *System\Group Policy*
@@ -1817,7 +1817,7 @@ ADMX Info:
-**ADMX_GroupPolicy/GroupPolicyRefreshRateUser**
+**ADMX_GroupPolicy/GroupPolicyRefreshRateUser**
@@ -1868,7 +1868,7 @@ This setting also lets you specify how much the actual update interval varies. T
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Group Policy refresh interval for users*
- GP name: *GroupPolicyRefreshRateUser*
- GP path: *System\Group Policy*
@@ -1879,7 +1879,7 @@ ADMX Info:
-**ADMX_GroupPolicy/LogonScriptDelay**
+**ADMX_GroupPolicy/LogonScriptDelay**
@@ -1921,7 +1921,7 @@ If you don't configure this policy setting, Group Policy will wait five minutes
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Logon Script Delay*
- GP name: *LogonScriptDelay*
- GP path: *System\Group Policy*
@@ -1932,7 +1932,7 @@ ADMX Info:
-**ADMX_GroupPolicy/NewGPODisplayName**
+**ADMX_GroupPolicy/NewGPODisplayName**
@@ -1970,7 +1970,7 @@ If this setting is Disabled or Not Configured, the default display name of New G
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set default name for new Group Policy objects*
- GP name: *NewGPODisplayName*
- GP path: *System\Group Policy*
@@ -1981,7 +1981,7 @@ ADMX Info:
-**ADMX_GroupPolicy/NewGPOLinksDisabled**
+**ADMX_GroupPolicy/NewGPOLinksDisabled**
@@ -2017,7 +2017,7 @@ If you disable this setting or don't configure it, new Group Policy object links
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Create new Group Policy Object links disabled by default*
- GP name: *NewGPOLinksDisabled*
- GP path: *System\Group Policy*
@@ -2028,7 +2028,7 @@ ADMX Info:
-**ADMX_GroupPolicy/OnlyUseLocalAdminFiles**
+**ADMX_GroupPolicy/OnlyUseLocalAdminFiles**
@@ -2080,7 +2080,7 @@ If you disable or don't configure this setting, the Group Policy Object Editor s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always use local ADM files for Group Policy Object Editor*
- GP name: *OnlyUseLocalAdminFiles*
- GP path: *System\Group Policy*
@@ -2091,7 +2091,7 @@ ADMX Info:
-**ADMX_GroupPolicy/ProcessMitigationOptions**
+**ADMX_GroupPolicy/ProcessMitigationOptions**
@@ -2139,7 +2139,7 @@ Setting flags not specified here to any value other than ? results in undefined
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Process Mitigation Options*
- GP name: *ProcessMitigationOptions*
- GP path: *System\Mitigation Options*
@@ -2150,7 +2150,7 @@ ADMX Info:
-**ADMX_GroupPolicy/RSoPLogging**
+**ADMX_GroupPolicy/RSoPLogging**
@@ -2191,7 +2191,7 @@ If you disable or don't configure this setting, RSoP logging is turned on. By de
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Resultant Set of Policy logging*
- GP name: *RSoPLogging*
- GP path: *System\Group Policy*
@@ -2202,7 +2202,7 @@ ADMX Info:
-**ADMX_GroupPolicy/ResetDfsClientInfoDuringRefreshPolicy**
+**ADMX_GroupPolicy/ResetDfsClientInfoDuringRefreshPolicy**
@@ -2234,7 +2234,7 @@ Enabling this setting will cause the Group Policy Client to connect to the same
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable AD/DFS domain controller synchronization during policy refresh*
- GP name: *ResetDfsClientInfoDuringRefreshPolicy*
- GP path: *System\Group Policy*
@@ -2245,7 +2245,7 @@ ADMX Info:
-**ADMX_GroupPolicy/SlowLinkDefaultForDirectAccess**
+**ADMX_GroupPolicy/SlowLinkDefaultForDirectAccess**
@@ -2286,7 +2286,7 @@ If you disable this setting or don't configure it, Group Policy will evaluate th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Direct Access connections as a fast network connection*
- GP name: *SlowLinkDefaultForDirectAccess*
- GP path: *System\Group Policy*
@@ -2297,7 +2297,7 @@ ADMX Info:
-**ADMX_GroupPolicy/SlowlinkDefaultToAsync**
+**ADMX_GroupPolicy/SlowlinkDefaultToAsync**
@@ -2341,7 +2341,7 @@ If you disable or don't configure this policy setting, detecting a slow network
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Change Group Policy processing to run asynchronously when a slow network connection is detected.*
- GP name: *SlowlinkDefaultToAsync*
- GP path: *System\Group Policy*
@@ -2352,7 +2352,7 @@ ADMX Info:
-**ADMX_GroupPolicy/SyncWaitTime**
+**ADMX_GroupPolicy/SyncWaitTime**
@@ -2388,7 +2388,7 @@ If you disable or don't configure this policy setting, Group Policy will use the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify startup policy processing wait time*
- GP name: *SyncWaitTime*
- GP path: *System\Group Policy*
@@ -2399,7 +2399,7 @@ ADMX Info:
-**ADMX_GroupPolicy/UserPolicyMode**
+**ADMX_GroupPolicy/UserPolicyMode**
@@ -2443,7 +2443,7 @@ If you disable this setting or don't configure it, the user's Group Policy Objec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure user Group Policy loopback processing mode*
- GP name: *UserPolicyMode*
- GP path: *System\Group Policy*
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md
index ef05d2efca..ede437e273 100644
--- a/windows/client-management/mdm/policy-csp-admx-help.md
+++ b/windows/client-management/mdm/policy-csp-admx-help.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/03/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Help
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Help policies
+## ADMX_Help policies
@@ -44,7 +44,7 @@ manager: aaroncz
-**ADMX_Help/DisableHHDEP**
+**ADMX_Help/DisableHHDEP**
@@ -82,7 +82,7 @@ If you disable or don't configure this policy setting, DEP is turned on for HTML
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Data Execution Prevention for HTML Help Executable*
- GP name: *DisableHHDEP*
- GP path: *System*
@@ -93,7 +93,7 @@ ADMX Info:
-**ADMX_Help/HelpQualifiedRootDir_Comp**
+**ADMX_Help/HelpQualifiedRootDir_Comp**
@@ -143,7 +143,7 @@ For more options, see the "Restrict these programs from being launched from Help
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict potentially unsafe HTML Help functions to specified folders*
- GP name: *HelpQualifiedRootDir_Comp*
- GP path: *System*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_Help/RestrictRunFromHelp**
+**ADMX_Help/RestrictRunFromHelp**
@@ -188,14 +188,14 @@ If you disable or don't configure this policy setting, users can run all applica
> [!NOTE]
> You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings.
->
+>
> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict these programs from being launched from Help*
- GP name: *RestrictRunFromHelp*
- GP path: *System*
@@ -206,7 +206,7 @@ ADMX Info:
-**ADMX_Help/RestrictRunFromHelp_Comp**
+**ADMX_Help/RestrictRunFromHelp_Comp**
@@ -240,13 +240,13 @@ If you disable or don't configure this policy setting, users can run all applica
> [!NOTE]
> You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings.
->
+>
> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict these programs from being launched from Help*
- GP name: *RestrictRunFromHelp_Comp*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
index e013dc38ab..49ba7126b9 100644
--- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
+++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/03/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_HelpAndSupport
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_HelpAndSupport policies
+## ADMX_HelpAndSupport policies
@@ -44,7 +44,7 @@ manager: aaroncz
-**ADMX_HelpAndSupport/ActiveHelp**
+**ADMX_HelpAndSupport/ActiveHelp**
@@ -80,7 +80,7 @@ If you disable or don't configure this policy setting, the default behavior appl
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Active Help*
- GP name: *ActiveHelp*
- GP path: *Windows Components/Online Assistance*
@@ -91,7 +91,7 @@ ADMX Info:
-**ADMX_HelpAndSupport/HPExplicitFeedback**
+**ADMX_HelpAndSupport/HPExplicitFeedback**
@@ -129,7 +129,7 @@ Users can use the control to provide feedback on the quality and usefulness of t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Help Ratings*
- GP name: *HPExplicitFeedback*
- GP path: *System/Internet Communication Management/Internet Communication settings*
@@ -140,7 +140,7 @@ ADMX Info:
-**ADMX_HelpAndSupport/HPImplicitFeedback**
+**ADMX_HelpAndSupport/HPImplicitFeedback**
|Edition|Windows 10|Windows 11|
@@ -175,7 +175,7 @@ If you disable or don't configure this policy setting, users can turn on the Hel
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Help Experience Improvement Program*
- GP name: *HPImplicitFeedback*
- GP path: *System/Internet Communication Management/Internet Communication settings*
@@ -186,7 +186,7 @@ ADMX Info:
-**ADMX_HelpAndSupport/HPOnlineAssistance**
+**ADMX_HelpAndSupport/HPOnlineAssistance**
@@ -222,7 +222,7 @@ If you disable or don't configure this policy setting, users can access online a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Online*
- GP name: *HPOnlineAssistance*
- GP path: *System/Internet Communication Management/Internet Communication settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
index ba8121417b..4f686073ae 100644
--- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
+++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/15/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_HotSpotAuth
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_HotSpotAuth policies
+## ADMX_HotSpotAuth policies
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_HotSpotAuth/HotspotAuth_Enable**
+**ADMX_HotSpotAuth/HotspotAuth_Enable**
@@ -61,20 +61,20 @@ manager: aaroncz
-This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support.
+This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support.
-- If a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network.
+- If a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network.
-- If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators.
+- If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators.
-- If you enable this policy setting, or if you don't configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support.
+- If you enable this policy setting, or if you don't configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support.
- If you disable this policy setting, WLAN hotspots aren't probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Hotspot Authentication*
- GP name: *HotspotAuth_Enable*
- GP path: *Network\Hotspot Authentication*
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index 9e9178ac7a..50119589b1 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/17/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_ICM
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_ICM policies
+## ADMX_ICM policies
@@ -110,7 +110,7 @@ manager: aaroncz
-**ADMX_ICM/CEIPEnable**
+**ADMX_ICM/CEIPEnable**
@@ -148,7 +148,7 @@ If you don't configure this policy setting, the administrator can use the Proble
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Customer Experience Improvement Program*
- GP name: *CEIPEnable*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -159,7 +159,7 @@ ADMX Info:
-**ADMX_ICM/CertMgr_DisableAutoRootUpdates**
+**ADMX_ICM/CertMgr_DisableAutoRootUpdates**
@@ -185,7 +185,7 @@ ADMX Info:
-This policy setting specifies whether to automatically update root certificates using the Windows Update website.
+This policy setting specifies whether to automatically update root certificates using the Windows Update website.
Typically, a certificate is used when you use a secure website or when you send and receive secure email. Anyone can issue certificates, but to have transactions that are as secure as possible, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of companies and organizations that it considers trusted authorities.
@@ -197,7 +197,7 @@ If you disable or don't configure this policy setting, your computer will contac
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Automatic Root Certificates Update*
- GP name: *CertMgr_DisableAutoRootUpdates*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -208,7 +208,7 @@ ADMX Info:
-**ADMX_ICM/DisableHTTPPrinting_1**
+**ADMX_ICM/DisableHTTPPrinting_1**
@@ -249,7 +249,7 @@ If you disable or don't configure this policy setting, users can choose to print
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off printing over HTTP*
- GP name: *DisableHTTPPrinting_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -260,7 +260,7 @@ ADMX Info:
-**ADMX_ICM/DisableWebPnPDownload_1**
+**ADMX_ICM/DisableWebPnPDownload_1**
@@ -303,7 +303,7 @@ If you disable or don't configure this policy setting, users can download print
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off downloading of print drivers over HTTP*
- GP name: *DisableWebPnPDownload_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -314,7 +314,7 @@ ADMX Info:
-**ADMX_ICM/DriverSearchPlaces_DontSearchWindowsUpdate**
+**ADMX_ICM/DriverSearchPlaces_DontSearchWindowsUpdate**
@@ -357,7 +357,7 @@ Also see "Turn off Windows Update device driver search prompt" in "Administrativ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Update device driver searching*
- GP name: *DriverSearchPlaces_DontSearchWindowsUpdate*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -368,7 +368,7 @@ ADMX Info:
-**ADMX_ICM/EventViewer_DisableLinks**
+**ADMX_ICM/EventViewer_DisableLinks**
@@ -408,7 +408,7 @@ Also, see "Events.asp URL", "Events.asp program", and "Events.asp Program Comman
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Event Viewer "Events.asp" links*
- GP name: *EventViewer_DisableLinks*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -419,7 +419,7 @@ ADMX Info:
-**ADMX_ICM/HSS_HeadlinesPolicy**
+**ADMX_ICM/HSS_HeadlinesPolicy**
@@ -459,7 +459,7 @@ You might want to enable this policy setting for users who don't have Internet a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Help and Support Center "Did you know?" content*
- GP name: *HSS_HeadlinesPolicy*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -470,7 +470,7 @@ ADMX Info:
-**ADMX_ICM/HSS_KBSearchPolicy**
+**ADMX_ICM/HSS_KBSearchPolicy**
@@ -508,7 +508,7 @@ If you disable or don't configure this policy setting, the Knowledge Base is sea
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Help and Support Center Microsoft Knowledge Base search*
- GP name: *HSS_KBSearchPolicy*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -519,7 +519,7 @@ ADMX Info:
-**ADMX_ICM/InternetManagement_RestrictCommunication_1**
+**ADMX_ICM/InternetManagement_RestrictCommunication_1**
@@ -557,7 +557,7 @@ If you don't configure this policy setting, all of the policy settings in the "I
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict Internet communication*
- GP name: *InternetManagement_RestrictCommunication_1*
- GP path: *System\Internet Communication Management*
@@ -568,7 +568,7 @@ ADMX Info:
-**ADMX_ICM/InternetManagement_RestrictCommunication_2**
+**ADMX_ICM/InternetManagement_RestrictCommunication_2**
@@ -605,7 +605,7 @@ If you don't configure this policy setting, all of the policy settings in the "I
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict Internet communication*
- GP name: *InternetManagement_RestrictCommunication_2*
- GP path: *System\Internet Communication Management*
@@ -616,7 +616,7 @@ ADMX Info:
-**ADMX_ICM/NC_ExitOnISP**
+**ADMX_ICM/NC_ExitOnISP**
@@ -652,7 +652,7 @@ If you disable or don't configure this policy setting, users can connect to Micr
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com*
- GP name: *NC_ExitOnISP*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -663,7 +663,7 @@ ADMX Info:
-**ADMX_ICM/NC_NoRegistration**
+**ADMX_ICM/NC_NoRegistration**
@@ -701,7 +701,7 @@ Registration is optional and involves submitting some personal information to Mi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Registration if URL connection is referring to Microsoft.com*
- GP name: *NC_NoRegistration*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -712,7 +712,7 @@ ADMX Info:
-**ADMX_ICM/PCH_DoNotReport**
+**ADMX_ICM/PCH_DoNotReport**
@@ -746,7 +746,7 @@ If you enable this policy setting, users aren't given the option to report error
If you disable or don't configure this policy setting, the errors may be reported to Microsoft via the Internet or to a corporate file share.
-This policy setting overrides any user setting made from the Control Panel for error reporting.
+This policy setting overrides any user setting made from the Control Panel for error reporting.
Also see the "Configure Error Reporting", "Display Error Notification" and "Disable Windows Error Reporting" policy settings under Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting.
@@ -754,7 +754,7 @@ Also see the "Configure Error Reporting", "Display Error Notification" and "Disa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Error Reporting*
- GP name: *PCH_DoNotReport*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -765,7 +765,7 @@ ADMX Info:
-**ADMX_ICM/RemoveWindowsUpdate_ICM**
+**ADMX_ICM/RemoveWindowsUpdate_ICM**
@@ -804,7 +804,7 @@ If you disable or don't configure this policy setting, users can access the Wind
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off access to all Windows Update features*
- GP name: *RemoveWindowsUpdate_ICM*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -815,7 +815,7 @@ ADMX Info:
-**ADMX_ICM/SearchCompanion_DisableFileUpdates**
+**ADMX_ICM/SearchCompanion_DisableFileUpdates**
@@ -856,7 +856,7 @@ If you disable or don't configure this policy setting, Search Companion download
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Search Companion content file updates*
- GP name: *SearchCompanion_DisableFileUpdates*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -867,7 +867,7 @@ ADMX Info:
-**ADMX_ICM/ShellNoUseInternetOpenWith_1**
+**ADMX_ICM/ShellNoUseInternetOpenWith_1**
@@ -905,7 +905,7 @@ If you disable or don't configure this policy setting, the user is allowed to us
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Internet File Association service*
- GP name: *ShellNoUseInternetOpenWith_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -916,7 +916,7 @@ ADMX Info:
-**ADMX_ICM/ShellNoUseInternetOpenWith_2**
+**ADMX_ICM/ShellNoUseInternetOpenWith_2**
@@ -954,7 +954,7 @@ If you disable or don't configure this policy setting, the user is allowed to us
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Internet File Association service*
- GP name: *ShellNoUseInternetOpenWith_2*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -965,7 +965,7 @@ ADMX Info:
-**ADMX_ICM/ShellNoUseStoreOpenWith_1**
+**ADMX_ICM/ShellNoUseStoreOpenWith_1**
@@ -1003,7 +1003,7 @@ If you disable or don't configure this policy setting, the user is allowed to us
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off access to the Store*
- GP name: *ShellNoUseStoreOpenWith_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1014,7 +1014,7 @@ ADMX Info:
-**ADMX_ICM/ShellNoUseStoreOpenWith_2**
+**ADMX_ICM/ShellNoUseStoreOpenWith_2**
@@ -1052,7 +1052,7 @@ If you disable or don't configure this policy setting, the user is allowed to us
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off access to the Store*
- GP name: *ShellNoUseStoreOpenWith_2*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1063,7 +1063,7 @@ ADMX Info:
-**ADMX_ICM/ShellPreventWPWDownload_1**
+**ADMX_ICM/ShellPreventWPWDownload_1**
@@ -1101,7 +1101,7 @@ For more information, including details on specifying service providers in the r
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Internet download for Web publishing and online ordering wizards*
- GP name: *ShellPreventWPWDownload_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1112,7 +1112,7 @@ ADMX Info:
-**ADMX_ICM/ShellRemoveOrderPrints_1**
+**ADMX_ICM/ShellRemoveOrderPrints_1**
@@ -1148,7 +1148,7 @@ If you disable or don't configure this policy setting, the task is displayed.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the "Order Prints" picture task*
- GP name: *ShellRemoveOrderPrints_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1159,7 +1159,7 @@ ADMX Info:
-**ADMX_ICM/ShellRemoveOrderPrints_2**
+**ADMX_ICM/ShellRemoveOrderPrints_2**
@@ -1197,7 +1197,7 @@ If you disable or don't configure this policy setting, the task is displayed.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the "Order Prints" picture task*
- GP name: *ShellRemoveOrderPrints_2*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1208,7 +1208,7 @@ ADMX Info:
-**ADMX_ICM/ShellRemovePublishToWeb_1**
+**ADMX_ICM/ShellRemovePublishToWeb_1**
@@ -1244,7 +1244,7 @@ If you enable this policy setting, these tasks are removed from the File and Fol
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the "Publish to Web" task for files and folders*
- GP name: *ShellRemovePublishToWeb_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1255,7 +1255,7 @@ ADMX Info:
-**ADMX_ICM/ShellRemovePublishToWeb_2**
+**ADMX_ICM/ShellRemovePublishToWeb_2**
@@ -1293,7 +1293,7 @@ If you disable or don't configure this policy setting, the tasks are shown.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the "Publish to Web" task for files and folders*
- GP name: *ShellRemovePublishToWeb_2*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1304,7 +1304,7 @@ ADMX Info:
-**ADMX_ICM/WinMSG_NoInstrumentation_1**
+**ADMX_ICM/WinMSG_NoInstrumentation_1**
@@ -1344,7 +1344,7 @@ If you disable this policy setting, Windows Messenger collects anonymous usage i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the Windows Messenger Customer Experience Improvement Program*
- GP name: *WinMSG_NoInstrumentation_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1355,7 +1355,7 @@ ADMX Info:
-**ADMX_ICM/WinMSG_NoInstrumentation_2**
+**ADMX_ICM/WinMSG_NoInstrumentation_2**
@@ -1397,7 +1397,7 @@ If you don't configure this policy setting, users have the choice to opt in and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the Windows Messenger Customer Experience Improvement Program*
- GP name: *WinMSG_NoInstrumentation_2*
- GP path: *System\Internet Communication Management\Internet Communication settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md
index cdae65ef17..737fc0a2a1 100644
--- a/windows/client-management/mdm/policy-csp-admx-iis.md
+++ b/windows/client-management/mdm/policy-csp-admx-iis.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/17/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_IIS
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_IIS policies
+## ADMX_IIS policies
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_IIS/PreventIISInstall**
+**ADMX_IIS/PreventIISInstall**
@@ -61,11 +61,11 @@ manager: aaroncz
-This policy setting prevents installation of Internet Information Services (IIS) on this computer.
+This policy setting prevents installation of Internet Information Services (IIS) on this computer.
-If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting.
+If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting.
-Enabling this setting won't have any effect on IIS, if IIS is already installed on the computer.
+Enabling this setting won't have any effect on IIS, if IIS is already installed on the computer.
If you disable or don't configure this policy setting, IIS can be installed, and all the programs and applications that require IIS to run."
@@ -73,7 +73,7 @@ If you disable or don't configure this policy setting, IIS can be installed, and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent IIS installation*
- GP name: *PreventIISInstall*
- GP path: *Windows Components\Internet Information Services*
diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md
index e4938d1f67..7fa8e61ea4 100644
--- a/windows/client-management/mdm/policy-csp-admx-iscsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/17/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_iSCSI
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_iSCSI policies
+## ADMX_iSCSI policies
@@ -42,7 +42,7 @@ manager: aaroncz
-**ADMX_iSCSI/iSCSIGeneral_RestrictAdditionalLogins**
+**ADMX_iSCSI/iSCSIGeneral_RestrictAdditionalLogins**
@@ -68,7 +68,7 @@ manager: aaroncz
-If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed.
+If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed.
If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed.
@@ -76,7 +76,7 @@ If disabled then new iSNS servers may be added and thus new targets discovered v
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow manual configuration of iSNS servers*
- GP name: *iSCSIGeneral_RestrictAdditionalLogins*
- GP path: *System\iSCSI\iSCSI Target Discovery*
@@ -87,7 +87,7 @@ ADMX Info:
-**ADMX_iSCSI/iSCSIGeneral_ChangeIQNName**
+**ADMX_iSCSI/iSCSIGeneral_ChangeIQNName**
@@ -113,14 +113,14 @@ ADMX Info:
-If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed.
+If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed.
If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow manual configuration of target portals*
- GP name: *iSCSIGeneral_ChangeIQNName*
- GP path: *System\iSCSI\iSCSI Target Discovery*
@@ -131,7 +131,7 @@ ADMX Info:
-**ADMX_iSCSI/iSCSISecurity_ChangeCHAPSecret**
+**ADMX_iSCSI/iSCSISecurity_ChangeCHAPSecret**
@@ -157,7 +157,7 @@ ADMX Info:
-If enabled then don't allow the initiator CHAP secret to be changed.
+If enabled then don't allow the initiator CHAP secret to be changed.
If disabled then the initiator CHAP secret may be changed.
@@ -165,7 +165,7 @@ If disabled then the initiator CHAP secret may be changed.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow changes to initiator CHAP secret*
- GP name: *iSCSISecurity_ChangeCHAPSecret*
- GP path: *System\iSCSI\iSCSI Security*
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md
index ec99d97b12..c8acf4a019 100644
--- a/windows/client-management/mdm/policy-csp-admx-kdc.md
+++ b/windows/client-management/mdm/policy-csp-admx-kdc.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_kdc
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_kdc policies
+## ADMX_kdc policies
@@ -51,7 +51,7 @@ manager: aaroncz
-**ADMX_kdc/CbacAndArmor**
+**ADMX_kdc/CbacAndArmor**
@@ -79,20 +79,20 @@ manager: aaroncz
This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication.
-If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain.
+If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain.
If you disable or don't configure this policy setting, the domain controller doesn't support claims, compound authentication or armoring.
If you configure the "Not supported" option, the domain controller doesn't support claims, compound authentication or armoring, which is the default behavior for domain controllers running Windows Server 2008 R2 or earlier operating systems.
> [!NOTE]
-> For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting isn't enabled, Kerberos authentication messages won't use these features.
+> For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting isn't enabled, Kerberos authentication messages won't use these features.
-If you configure "Supported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring.
+If you configure "Supported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring.
**Domain functional level requirements**
-For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Windows Server 2008 R2 or earlier, then domain controllers behave as if the "Supported" option is selected.
+For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Windows Server 2008 R2 or earlier, then domain controllers behave as if the "Supported" option is selected.
When the domain functional level is set to Windows Server 2012 then the domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring, and:
@@ -114,7 +114,7 @@ Impact on domain controller performance when this policy setting is enabled:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *KDC support for claims, compound authentication and Kerberos armoring*
- GP name: *CbacAndArmor*
- GP path: *System/KDC*
@@ -125,7 +125,7 @@ ADMX Info:
-**ADMX_kdc/ForestSearch**
+**ADMX_kdc/ForestSearch**
@@ -163,7 +163,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use forest search order*
- GP name: *ForestSearch*
- GP path: *System/KDC*
@@ -174,7 +174,7 @@ ADMX Info:
-**ADMX_kdc/PKINITFreshness**
+**ADMX_kdc/PKINITFreshness**
@@ -216,7 +216,7 @@ If you disable or not configure this policy setting, then the DC will never offe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *KDC support for PKInit Freshness Extension*
- GP name: *PKINITFreshness*
- GP path: *System/KDC*
@@ -227,7 +227,7 @@ ADMX Info:
-**ADMX_kdc/RequestCompoundId**
+**ADMX_kdc/RequestCompoundId**
@@ -256,9 +256,9 @@ ADMX Info:
This policy setting allows you to configure a domain controller to request compound authentication.
> [!NOTE]
-> For a domain controller to request compound authentication, the policy "KDC support for claims, compound authentication, and Kerberos armoring" must be configured and enabled.
+> For a domain controller to request compound authentication, the policy "KDC support for claims, compound authentication, and Kerberos armoring" must be configured and enabled.
-If you enable this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain.
+If you enable this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain.
If you disable or don't configure this policy setting, domain controllers will return service tickets that contain compound authentication anytime the client sends a compound authentication request regardless of the account configuration.
@@ -266,7 +266,7 @@ If you disable or don't configure this policy setting, domain controllers will r
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Request compound authentication*
- GP name: *RequestCompoundId*
- GP path: *System/KDC*
@@ -277,7 +277,7 @@ ADMX Info:
-**ADMX_kdc/TicketSizeThreshold**
+**ADMX_kdc/TicketSizeThreshold**
@@ -313,7 +313,7 @@ If you disable or don't configure this policy setting, the threshold value defau
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Warning for large Kerberos tickets*
- GP name: *TicketSizeThreshold*
- GP path: *System/KDC*
@@ -324,7 +324,7 @@ ADMX Info:
-**ADMX_kdc/emitlili**
+**ADMX_kdc/emitlili**
@@ -365,7 +365,7 @@ If you disable or don't configure this policy setting, the domain controller doe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Provide information about previous logons to client computers*
- GP name: *emitlili*
- GP path: *System/KDC*
diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md
index 3cbff4ed32..586d3b63ab 100644
--- a/windows/client-management/mdm/policy-csp-admx-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/12/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Kerberos
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Kerberos policies
+## ADMX_Kerberos policies
@@ -57,7 +57,7 @@ manager: aaroncz
-**ADMX_Kerberos/AlwaysSendCompoundId**
+**ADMX_Kerberos/AlwaysSendCompoundId**
@@ -86,9 +86,9 @@ manager: aaroncz
This policy setting controls whether a device always sends a compound authentication request when the resource domain requests compound identity.
> [!NOTE]
-> For a domain controller to request compound authentication, the policies "KDC support for claims, compound authentication, and Kerberos armoring" and "Request compound authentication" must be configured and enabled in the resource account domain.
+> For a domain controller to request compound authentication, the policies "KDC support for claims, compound authentication, and Kerberos armoring" and "Request compound authentication" must be configured and enabled in the resource account domain.
-If you enable this policy setting and the resource domain requests compound authentication, devices that support compound authentication always send a compound authentication request.
+If you enable this policy setting and the resource domain requests compound authentication, devices that support compound authentication always send a compound authentication request.
If you disable or don't configure this policy setting and the resource domain requests compound authentication, devices will send a non-compounded authentication request first then a compound authentication request when the service requests compound authentication.
@@ -96,7 +96,7 @@ If you disable or don't configure this policy setting and the resource domain re
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always send compound authentication first*
- GP name: *AlwaysSendCompoundId*
- GP path: *System\Kerberos*
@@ -107,7 +107,7 @@ ADMX Info:
-**ADMX_Kerberos/DevicePKInitEnabled**
+**ADMX_Kerberos/DevicePKInitEnabled**
@@ -150,7 +150,7 @@ If you don't configure this policy setting, Automatic will be used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Support device authentication using certificate*
- GP name: *DevicePKInitEnabled*
- GP path: *System\Kerberos*
@@ -161,7 +161,7 @@ ADMX Info:
-**ADMX_Kerberos/HostToRealm**
+**ADMX_Kerberos/HostToRealm**
@@ -199,7 +199,7 @@ If you don't configure this policy setting, the system uses the host name-to-Ker
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define host name-to-Kerberos realm mappings*
- GP name: *HostToRealm*
- GP path: *System\Kerberos*
@@ -210,7 +210,7 @@ ADMX Info:
-**ADMX_Kerberos/KdcProxyDisableServerRevocationCheck**
+**ADMX_Kerberos/KdcProxyDisableServerRevocationCheck**
@@ -238,7 +238,7 @@ ADMX Info:
This policy setting allows you to disable revocation check for the SSL certificate of the targeted KDC proxy server.
-If you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used in troubleshooting KDC proxy connections.
+If you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used in troubleshooting KDC proxy connections.
> [!WARNING]
> When revocation check is ignored, the server represented by the certificate isn't guaranteed valid.
@@ -248,7 +248,7 @@ If you disable or don't configure this policy setting, the Kerberos client enfor
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable revocation checking for the SSL certificate of KDC proxy servers*
- GP name: *KdcProxyDisableServerRevocationCheck*
- GP path: *System\Kerberos*
@@ -259,7 +259,7 @@ ADMX Info:
-**ADMX_Kerberos/KdcProxyServer**
+**ADMX_Kerberos/KdcProxyServer**
@@ -295,7 +295,7 @@ If you disable or don't configure this policy setting, the Kerberos client doesn
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify KDC proxy servers for Kerberos clients*
- GP name: *KdcProxyServer*
- GP path: *System\Kerberos*
@@ -306,7 +306,7 @@ ADMX Info:
-**ADMX_Kerberos/MitRealms**
+**ADMX_Kerberos/MitRealms**
@@ -344,7 +344,7 @@ If you don't configure this policy setting, the system uses the interoperable Ke
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define interoperable Kerberos V5 realm settings*
- GP name: *MitRealms*
- GP path: *System\Kerberos*
@@ -355,7 +355,7 @@ ADMX Info:
-**ADMX_Kerberos/ServerAcceptsCompound**
+**ADMX_Kerberos/ServerAcceptsCompound**
@@ -399,7 +399,7 @@ If you don't configure this policy setting, Automatic will be used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Support compound authentication*
- GP name: *ServerAcceptsCompound*
- GP path: *System\Kerberos*
@@ -410,7 +410,7 @@ ADMX Info:
-**ADMX_Kerberos/StrictTarget**
+**ADMX_Kerberos/StrictTarget**
@@ -446,7 +446,7 @@ If you disable or don't configure this policy setting, any service is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Require strict target SPN match on remote procedure calls*
- GP name: *StrictTarget*
- GP path: *System\Kerberos*
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
index 3fe3659069..38ccfc6a29 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_LanmanServer
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_LanmanServer policies
+## ADMX_LanmanServer policies
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_LanmanServer/Pol_CipherSuiteOrder**
+**ADMX_LanmanServer/Pol_CipherSuiteOrder**
@@ -77,12 +77,12 @@ If you enable this policy setting, cipher suites are prioritized in the order sp
If you enable this policy setting and don't specify at least one supported cipher suite, or if you disable or don't configure this policy setting, the default cipher suite order is used.
-SMB 3.11 cipher suites:
+SMB 3.11 cipher suites:
- AES_128_GCM
- AES_128_CCM
-SMB 3.0 and 3.02 cipher suites:
+SMB 3.0 and 3.02 cipher suites:
- AES_128_CCM
@@ -97,7 +97,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Cipher suite order*
- GP name: *Pol_CipherSuiteOrder*
- GP path: *Network/Lanman Server*
@@ -112,7 +112,7 @@ ADMX Info:
-**ADMX_LanmanServer/Pol_HashPublication**
+**ADMX_LanmanServer/Pol_HashPublication**
@@ -158,7 +158,7 @@ In circumstances where this policy setting is enabled, you can also select the f
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hash Publication for BranchCache*
- GP name: *Pol_HashPublication*
- GP path: *Network/Lanman Server*
@@ -173,7 +173,7 @@ ADMX Info:
-**ADMX_LanmanServer/Pol_HashSupportVersion**
+**ADMX_LanmanServer/Pol_HashSupportVersion**
@@ -199,7 +199,7 @@ ADMX Info:
-This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled.
+This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled.
If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it's the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes.
@@ -221,7 +221,7 @@ Hash version supported:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hash Version support for BranchCache*
- GP name: *Pol_HashSupportVersion*
- GP path: *Network/Lanman Server*
@@ -232,7 +232,7 @@ ADMX Info:
-**ADMX_LanmanServer/Pol_HonorCipherSuiteOrder**
+**ADMX_LanmanServer/Pol_HonorCipherSuiteOrder**
@@ -271,7 +271,7 @@ If you disable or don't configure this policy setting, the SMB server will selec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Honor cipher suite order*
- GP name: *Pol_HonorCipherSuiteOrder*
- GP path: *Network/Lanman Server*
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
index 969840fdeb..728720ca70 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/08/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_LanmanWorkstation
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_LanmanWorkstation policies
+## ADMX_LanmanWorkstation policies
@@ -42,7 +42,7 @@ manager: aaroncz
-**ADMX_LanmanWorkstation/Pol_CipherSuiteOrder**
+**ADMX_LanmanWorkstation/Pol_CipherSuiteOrder**
@@ -99,7 +99,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Cipher suite order*
- GP name: *Pol_CipherSuiteOrder*
- GP path: *Network\Lanman Workstation*
@@ -110,7 +110,7 @@ ADMX Info:
-**ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles**
+**ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles**
@@ -149,7 +149,7 @@ If you disable or don't configure this policy setting, Windows will prevent use
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Handle Caching on Continuous Availability Shares*
- GP name: *Pol_EnableHandleCachingForCAFiles*
- GP path: *Network\Lanman Workstation*
@@ -160,7 +160,7 @@ ADMX Info:
-**ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares**
+**ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares**
@@ -199,7 +199,7 @@ If you disable or don't configure this policy setting, Windows will prevent use
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Offline Files Availability on Continuous Availability Shares*
- GP name: *Pol_EnableOfflineFilesforCAShares*
- GP path: *Network\Lanman Workstation*
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
index 2f421ddce0..08ee559f99 100644
--- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/17/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_LeakDiagnostic
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_LeakDiagnostic policies
+## ADMX_LeakDiagnostic policies
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy**
+**ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy**
@@ -61,17 +61,17 @@ manager: aaroncz
-This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
+This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
-If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
+If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
-If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
+If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
-No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
-This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
-The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> [!NOTE]
> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
@@ -80,7 +80,7 @@ The DPS can be configured with the Services snap-in to the Microsoft Management
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure custom alert text*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
index ac18bf4c6f..f63de1ae5b 100644
--- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/04/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_LinkLayerTopologyDiscovery
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_LinkLayerTopologyDiscovery policies
+## ADMX_LinkLayerTopologyDiscovery policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO**
+**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO**
@@ -77,7 +77,7 @@ If you disable or don't configure this policy setting, the default behavior of L
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Mapper I/O (LLTDIO) driver*
- GP name: *LLTD_EnableLLTDIO*
- GP path: *Network/Link-Layer Topology Discovery*
@@ -88,7 +88,7 @@ ADMX Info:
-**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr**
+**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr**
@@ -126,7 +126,7 @@ If you disable or don't configure this policy setting, the default behavior for
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Responder (RSPNDR) driver*
- GP name: *LLTD_EnableRspndr*
- GP path: *Network/Link-Layer Topology Discovery*
diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
index 6557e565a3..7552129f46 100644
--- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/20/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -18,15 +18,15 @@ manager: aaroncz
> Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_LocationProviderAdm policies
+## ADMX_LocationProviderAdm policies
@@ -38,7 +38,7 @@ manager: aaroncz
-**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1**
+**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1**
@@ -64,16 +64,16 @@ manager: aaroncz
-This policy setting turns off the Windows Location Provider feature for this computer.
+This policy setting turns off the Windows Location Provider feature for this computer.
-- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer won't be able to use the Windows Location Provider feature.
+- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer won't be able to use the Windows Location Provider feature.
- If you disable or don't configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Location Provider*
- GP name: *DisableWindowsLocationProvider_1*
- GP path: *Windows Components\Location and Sensors\Windows Location Provider*
diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md
index 3386f503ec..f8a8aefb1f 100644
--- a/windows/client-management/mdm/policy-csp-admx-logon.md
+++ b/windows/client-management/mdm/policy-csp-admx-logon.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/21/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Logon
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Logon policies
+## ADMX_Logon policies
@@ -78,7 +78,7 @@ manager: aaroncz
-**ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin**
+**ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin**
@@ -113,7 +113,7 @@ If you disable or don't configure this policy setting, the user may choose to sh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Block user from showing account details on sign-in*
- GP name: *BlockUserFromShowingAccountDetailsOnSignin*
- GP path: *System\Logon*
@@ -124,7 +124,7 @@ ADMX Info:
-**ADMX_Logon/DisableAcrylicBackgroundOnLogon**
+**ADMX_Logon/DisableAcrylicBackgroundOnLogon**
@@ -160,7 +160,7 @@ If you disable or don't configure this policy, the logon background image adopts
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show clear logon background*
- GP name: *DisableAcrylicBackgroundOnLogon*
- GP path: *System\Logon*
@@ -171,7 +171,7 @@ ADMX Info:
-**ADMX_Logon/DisableExplorerRunLegacy_1**
+**ADMX_Logon/DisableExplorerRunLegacy_1**
@@ -210,7 +210,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not process the legacy run list*
- GP name: *DisableExplorerRunLegacy_1*
- GP path: *System\Logon*
@@ -221,7 +221,7 @@ ADMX Info:
-**ADMX_Logon/DisableExplorerRunLegacy_2**
+**ADMX_Logon/DisableExplorerRunLegacy_2**
@@ -260,7 +260,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not process the legacy run list*
- GP name: *DisableExplorerRunLegacy_2*
- GP path: *System\Logon*
@@ -271,7 +271,7 @@ ADMX Info:
-**ADMX_Logon/DisableExplorerRunOnceLegacy_1**
+**ADMX_Logon/DisableExplorerRunOnceLegacy_1**
@@ -314,7 +314,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not process the run once list*
- GP name: *DisableExplorerRunOnceLegacy_1*
- GP path: *System\Logon*
@@ -325,7 +325,7 @@ ADMX Info:
-**ADMX_Logon/DisableExplorerRunOnceLegacy_2**
+**ADMX_Logon/DisableExplorerRunOnceLegacy_2**
@@ -368,7 +368,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not process the run once list*
- GP name: *DisableExplorerRunOnceLegacy_2*
- GP path: *System\Logon*
@@ -379,7 +379,7 @@ ADMX Info:
-**ADMX_Logon/DisableStatusMessages**
+**ADMX_Logon/DisableStatusMessages**
@@ -415,7 +415,7 @@ If you disable or don't configure this policy setting, the system displays the m
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Boot / Shutdown / Logon / Logoff status messages*
- GP name: *DisableStatusMessages*
- GP path: *System*
@@ -426,7 +426,7 @@ ADMX Info:
-**ADMX_Logon/DontEnumerateConnectedUsers**
+**ADMX_Logon/DontEnumerateConnectedUsers**
@@ -462,7 +462,7 @@ If you disable or don't configure this policy setting, connected users will be e
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not enumerate connected users on domain-joined computers*
- GP name: *DontEnumerateConnectedUsers*
- GP path: *System\Logon*
@@ -473,7 +473,7 @@ ADMX Info:
-**ADMX_Logon/NoWelcomeTips_1**
+**ADMX_Logon/NoWelcomeTips_1**
@@ -519,7 +519,7 @@ This setting applies only to Windows. It doesn't affect the "Configure Your Serv
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display the Getting Started welcome screen at logon*
- GP name: *NoWelcomeTips_1*
- GP path: *System*
@@ -531,7 +531,7 @@ ADMX Info:
-**ADMX_Logon/NoWelcomeTips_2**
+**ADMX_Logon/NoWelcomeTips_2**
@@ -575,7 +575,7 @@ If you disable or don't configure this policy, the welcome screen is displayed e
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display the Getting Started welcome screen at logon*
- GP name: *NoWelcomeTips_2*
- GP path: *System\Logon*
@@ -586,7 +586,7 @@ ADMX Info:
-**ADMX_Logon/Run_1**
+**ADMX_Logon/Run_1**
@@ -629,7 +629,7 @@ Also, see the "Do not process the legacy run list" and the "don't process the ru
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run these programs at user logon*
- GP name: *Run_1*
- GP path: *System\Logon*
@@ -640,7 +640,7 @@ ADMX Info:
-**ADMX_Logon/Run_2**
+**ADMX_Logon/Run_2**
@@ -684,7 +684,7 @@ Also, see the "Do not process the legacy run list" and the "don't process the ru
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run these programs at user logon*
- GP name: *Run_2*
- GP path: *System\Logon*
@@ -695,7 +695,7 @@ ADMX Info:
-**ADMX_Logon/SyncForegroundPolicy**
+**ADMX_Logon/SyncForegroundPolicy**
@@ -742,14 +742,14 @@ If you disable or don't configure this policy setting and users sign in to a cli
> [!NOTE]
>
-> - If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one sign in, enable this policy setting to ensure that Windows waits for the network to be available before applying policy.
+> - If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one sign in, enable this policy setting to ensure that Windows waits for the network to be available before applying policy.
> - If Folder Redirection policy will apply during the next sign in, security policies will be applied asynchronously during the next update cycle, if network connectivity is available.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always wait for the network at computer startup and logon*
- GP name: *SyncForegroundPolicy*
- GP path: *System\Logon*
@@ -760,7 +760,7 @@ ADMX Info:
-**ADMX_Logon/UseOEMBackground**
+**ADMX_Logon/UseOEMBackground**
@@ -796,7 +796,7 @@ If you disable or don't configure this policy setting, Windows uses the default
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always use custom logon background*
- GP name: *UseOEMBackground*
- GP path: *System\Logon*
@@ -807,7 +807,7 @@ ADMX Info:
-**ADMX_Logon/VerboseStatus**
+**ADMX_Logon/VerboseStatus**
@@ -848,7 +848,7 @@ If you disable or don't configure this policy setting, only the default status m
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display highly detailed status messages*
- GP name: *VerboseStatus*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index 62d92eb76a..f15a6eeac0 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -7,23 +7,23 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
-ms.date: 01/03/2022
-ms.reviewer:
+ms.date: 08/19/2022
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MicrosoftDefenderAntivirus
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MicrosoftDefenderAntivirus policies
+## ADMX_MicrosoftDefenderAntivirus policies
@@ -311,7 +311,7 @@ manager: aaroncz
-**ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup**
+**ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup**
@@ -347,7 +347,7 @@ If you disable this setting, the antimalware service will load as a low priority
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow antimalware service to startup with normal priority*
- GP name: *AllowFastServiceStartup*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -358,7 +358,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender**
+**ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender**
@@ -398,7 +398,7 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Microsoft Defender Antivirus*
- GP name: *DisableAntiSpywareDefender*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -409,7 +409,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions**
+**ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions**
@@ -445,7 +445,7 @@ If you enable this policy setting, Microsoft Defender Antivirus won't exclude pr
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Auto Exclusions*
- GP name: *DisableAutoExclusions*
- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
@@ -456,7 +456,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen**
+**ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen**
@@ -486,7 +486,7 @@ This feature ensures the device checks in real time with the Microsoft Active Pr
If you enable this feature, the Block at First Sight setting is turned on.
If you disable this feature, the Block at First Sight setting is turned off.
-
+
This feature requires these Policy settings to be set as follows:
- MAPS -> The “Join Microsoft MAPS” must be enabled or the “Block at First Sight” feature won't function.
@@ -497,7 +497,7 @@ This feature requires these Policy settings to be set as follows:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the 'Block at First Sight' feature*
- GP name: *DisableBlockAtFirstSeen*
- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
@@ -508,7 +508,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge**
+**ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge**
@@ -544,7 +544,7 @@ If you disable this setting, only items defined by Policy will be used in the re
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local administrator merge behavior for lists*
- GP name: *DisableLocalAdminMerge*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -555,7 +555,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring**
+**ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring**
@@ -593,7 +593,7 @@ If you disable or don't configure this policy setting, Microsoft Defender Antivi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off real-time protection*
- GP name: *DisableRealtimeMonitoring*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -604,7 +604,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction**
+**ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction**
@@ -640,7 +640,7 @@ If you disable or don't configure this policy setting, Microsoft Defender Antivi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off routine remediation*
- GP name: *DisableRoutinelyTakingAction*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -651,7 +651,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions**
+**ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions**
@@ -683,7 +683,7 @@ This policy setting allows you to specify a list of file types that should be ex
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Extension Exclusions*
- GP name: *Exclusions_Extensions*
- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
@@ -694,7 +694,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths**
+**ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths**
@@ -728,7 +728,7 @@ As an example, a path might be defined as: "c:\Windows" to exclude all files in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Path Exclusions*
- GP name: *Exclusions_Paths*
- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
@@ -739,7 +739,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes**
+**ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes**
@@ -771,7 +771,7 @@ This policy setting allows you to disable scheduled and real-time scanning for a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Process Exclusions*
- GP name: *Exclusions_Processes*
- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
@@ -782,7 +782,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions**
+**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions**
@@ -829,7 +829,7 @@ You can configure ASR rules in the "Configure Attack Surface Reduction rules" GP
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Exclude files and paths from Attack Surface Reduction Rules*
- GP name: *ExploitGuard_ASR_ASROnlyExclusions*
- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction*
@@ -840,7 +840,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules**
+**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules**
@@ -885,7 +885,7 @@ The following status IDs are permitted under the value column:
- 1 (Block)
- 0 (Off)
- 2 (Audit)
-
+
Example:
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 0
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1
@@ -903,7 +903,7 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Attack Surface Reduction rules*
- GP name: *ExploitGuard_ASR_Rules*
- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction*
@@ -914,7 +914,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications**
+**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications**
@@ -946,7 +946,7 @@ These applications are allowed to modify or delete files in controlled folder ac
Microsoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add other applications.
-Enabled:
+Enabled:
Specify other allowed applications in the Options section.
Disabled:
@@ -963,7 +963,7 @@ Default system folders are automatically guarded, but you can add folders in the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure allowed applications*
- GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications*
- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access*
@@ -974,7 +974,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders**
+**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders**
@@ -1004,7 +1004,7 @@ Specify additional folders that should be guarded by the Controlled folder acces
Files in these folders can't be modified or deleted by untrusted applications.
-Default system folders are automatically protected. You can configure this setting to add more folders.
+Default system folders are automatically protected. You can configure this setting to add more folders.
The list of default system folders that are protected is shown in Windows Security.
Enabled:
@@ -1024,7 +1024,7 @@ Microsoft Defender Antivirus automatically determines which applications can be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure protected folders*
- GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders*
- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access*
@@ -1035,7 +1035,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation**
+**ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation**
@@ -1076,7 +1076,7 @@ Same as Disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable file hash computation feature*
- GP name: *MpEngine_EnableFileHashComputation*
- GP path: *Windows Components\Microsoft Defender Antivirus\MpEngine*
@@ -1087,7 +1087,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement**
+**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement**
@@ -1123,7 +1123,7 @@ If you disable this setting, definition retirement will be disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on definition retirement*
- GP name: *Nis_Consumers_IPS_DisableSignatureRetirement*
- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
@@ -1134,7 +1134,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid**
+**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid**
@@ -1166,7 +1166,7 @@ This policy setting defines more definition sets to enable for network traffic i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify additional definition sets for network traffic inspection*
- GP name: *Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid*
- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
@@ -1177,7 +1177,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition**
+**ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition**
@@ -1213,7 +1213,7 @@ If you disable this setting, protocol recognition will be disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on protocol recognition*
- GP name: *Nis_DisableProtocolRecognition*
- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
@@ -1224,7 +1224,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ProxyBypass**
+**ADMX_MicrosoftDefenderAntivirus/ProxyBypass**
@@ -1260,7 +1260,7 @@ If you disable or don't configure this setting, the proxy server won't be bypass
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define addresses to bypass proxy server*
- GP name: *ProxyBypass*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -1271,7 +1271,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl**
+**ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl**
@@ -1313,7 +1313,7 @@ If you disable or don't configure this setting, the proxy will skip over this fa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define proxy auto-config (.pac) for connecting to the network*
- GP name: *ProxyPacUrl*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -1324,7 +1324,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ProxyServer**
+**ADMX_MicrosoftDefenderAntivirus/ProxyServer**
@@ -1366,7 +1366,7 @@ If you disable or don't configure this setting, the proxy will skip over this fa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define proxy server for connecting to the network*
- GP name: *ProxyServer*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -1377,7 +1377,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay**
+**ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay**
@@ -1413,7 +1413,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for the removal of items from Quarantine folder*
- GP name: *Quarantine_LocalSettingOverridePurgeItemsAfterDelay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine*
@@ -1424,7 +1424,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay**
+**ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay**
@@ -1460,7 +1460,7 @@ If you disable or don't configure this setting, items will be kept in the quaran
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure removal of items from Quarantine folder*
- GP name: *Quarantine_PurgeItemsAfterDelay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine*
@@ -1471,7 +1471,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes**
+**ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes**
@@ -1507,7 +1507,7 @@ If you disable this setting, scheduled tasks will begin at the specified start t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Randomize scheduled task times*
- GP name: *RandomizeScheduleTaskTimes*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -1518,7 +1518,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring**
@@ -1554,7 +1554,7 @@ If you disable this setting, behavior monitoring will be disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on behavior monitoring*
- GP name: *RealtimeProtection_DisableBehaviorMonitoring*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1565,7 +1565,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection**
@@ -1601,7 +1601,7 @@ If you disable this setting, scanning for all downloaded files and attachments w
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scan all downloaded files and attachments*
- GP name: *RealtimeProtection_DisableIOAVProtection*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1612,7 +1612,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection**
@@ -1648,7 +1648,7 @@ If you disable this setting, monitoring for file and program activity will be di
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Monitor file and program activity on your computer*
- GP name: *RealtimeProtection_DisableOnAccessProtection*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1659,7 +1659,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification**
@@ -1695,7 +1695,7 @@ If you disable this setting, raw write notifications be disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on raw volume write notifications*
- GP name: *RealtimeProtection_DisableRawWriteNotification*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1706,7 +1706,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable**
@@ -1742,7 +1742,7 @@ If you disable this setting, a process scan won't be initiated when real-time pr
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on process scanning whenever real-time protection is enabled*
- GP name: *RealtimeProtection_DisableScanOnRealtimeEnable*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1753,7 +1753,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize**
@@ -1789,7 +1789,7 @@ If you disable or don't configure this setting, a default size will be applied.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define the maximum size of downloaded files and attachments to be scanned*
- GP name: *RealtimeProtection_IOAVMaxSize*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1800,7 +1800,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring**
@@ -1836,7 +1836,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for turn on behavior monitoring*
- GP name: *RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1847,7 +1847,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection**
@@ -1883,7 +1883,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for scanning all downloaded files and attachments*
- GP name: *RealtimeProtection_LocalSettingOverrideDisableIOAVProtection*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1894,7 +1894,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection**
@@ -1930,7 +1930,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for monitoring file and program activity on your computer*
- GP name: *RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1941,7 +1941,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring**
@@ -1977,7 +1977,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override to turn on real-time protection*
- GP name: *RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1988,7 +1988,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection**
@@ -2024,7 +2024,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for monitoring for incoming and outgoing file activity*
- GP name: *RealtimeProtection_LocalSettingOverrideRealtimeScanDirection*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -2035,7 +2035,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime**
+**ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime**
@@ -2071,7 +2071,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for the time of day to run a scheduled full scan to complete remediation*
- GP name: *Remediation_LocalSettingOverrideScan_ScheduleTime*
- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
@@ -2082,7 +2082,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay**
+**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay**
@@ -2113,7 +2113,7 @@ This policy setting allows you to specify the day of the week on which to perfor
This setting can be configured with the following ordinal number values:
- (0x0) Every Day
-- (0x1) Sunday
+- (0x1) Sunday
- (0x2) Monday
- (0x3) Tuesday
- (0x4) Wednesday
@@ -2130,7 +2130,7 @@ If you disable or don't configure this setting, a scheduled full scan to complet
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the day of the week to run a scheduled full scan to complete remediation*
- GP name: *Remediation_Scan_ScheduleDay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
@@ -2141,7 +2141,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime**
+**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime**
@@ -2177,7 +2177,7 @@ If you disable or don't configure this setting, a scheduled full scan to complet
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the time of day to run a scheduled full scan to complete remediation*
- GP name: *Remediation_Scan_ScheduleTime*
- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
@@ -2188,7 +2188,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout**
@@ -2220,7 +2220,7 @@ This policy setting configures the time in minutes before a detection in the "ad
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure time out for detections requiring additional action*
- GP name: *Reporting_AdditionalActionTimeout*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2231,7 +2231,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout**
@@ -2263,7 +2263,7 @@ This policy setting configures the time in minutes before a detection in the “
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure time out for detections in critically failed state*
- GP name: *Reporting_CriticalFailureTimeout*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2274,7 +2274,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications**
@@ -2310,7 +2310,7 @@ If you enable this setting, Microsoft Defender Antivirus enhanced notifications
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off enhanced notifications*
- GP name: *Reporting_DisableEnhancedNotifications*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2319,7 +2319,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_Disablegenericreports**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_Disablegenericreports**
@@ -2356,7 +2356,7 @@ If you disable this setting, Watson events won't be sent.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Watson events*
- GP name: *Reporting_Disablegenericreports*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2367,7 +2367,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout**
@@ -2399,7 +2399,7 @@ This policy setting configures the time in minutes before a detection in the "no
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure time out for detections in non-critical failed state*
- GP name: *Reporting_NonCriticalTimeout*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2407,7 +2407,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout**
@@ -2440,7 +2440,7 @@ This policy setting configures the time in minutes before a detection in the "co
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure time out for detections in recently remediated state*
- GP name: *Reporting_RecentlyCleanedTimeout*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2451,7 +2451,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents**
@@ -2483,7 +2483,7 @@ This policy configures Windows software trace preprocessor (WPP Software Tracing
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Windows software trace preprocessor components*
- GP name: *Reporting_WppTracingComponents*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2494,7 +2494,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel**
@@ -2520,7 +2520,7 @@ ADMX Info:
-This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing).
+This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing).
Tracing levels are defined as:
@@ -2533,7 +2533,7 @@ Tracing levels are defined as:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure WPP tracing level*
- GP name: *Reporting_WppTracingLevel*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2544,7 +2544,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause**
+**ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause**
@@ -2580,7 +2580,7 @@ If you disable this setting, users won't be able to pause scans.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow users to pause scan*
- GP name: *Scan_AllowPause*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2591,7 +2591,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth**
+**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth**
@@ -2627,7 +2627,7 @@ If you disable or don't configure this setting, archive files will be scanned to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the maximum depth to scan archive files*
- GP name: *Scan_ArchiveMaxDepth*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2638,7 +2638,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize**
+**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize**
@@ -2674,7 +2674,7 @@ If you disable or don't configure this setting, archive files will be scanned ac
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the maximum size of archive files to be scanned*
- GP name: *Scan_ArchiveMaxSize*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2686,7 +2686,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning**
@@ -2722,7 +2722,7 @@ If you disable this setting, archive files won't be scanned.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scan archive files*
- GP name: *Scan_DisableArchiveScanning*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2733,7 +2733,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning**
@@ -2769,7 +2769,7 @@ If you disable or don't configure this setting, e-mail scanning will be disabled
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on e-mail scanning*
- GP name: *Scan_DisableEmailScanning*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2780,7 +2780,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics**
@@ -2816,7 +2816,7 @@ If you disable this setting, heuristics will be disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on heuristics*
- GP name: *Scan_DisableHeuristics*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2827,7 +2827,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning**
@@ -2863,7 +2863,7 @@ If you disable this setting, packed executables won't be scanned.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scan packed executables*
- GP name: *Scan_DisablePackedExeScanning*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2874,7 +2874,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning**
@@ -2910,7 +2910,7 @@ If you disable or don't configure this setting, removable drives won't be scanne
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scan removable drives*
- GP name: *Scan_DisableRemovableDriveScanning*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2921,7 +2921,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning**
@@ -2947,7 +2947,7 @@ ADMX Info:
-This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there's a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this setting is the recommended state for this functionality.
+This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there's a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this setting is the recommended state for this functionality.
If you enable this setting, reparse point scanning will be enabled.
@@ -2957,7 +2957,7 @@ If you disable or don't configure this setting, reparse point scanning will be d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on reparse point scanning*
- GP name: *Scan_DisableReparsePointScanning*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2968,7 +2968,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint**
@@ -2994,7 +2994,7 @@ ADMX Info:
-This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning.
+This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning.
If you enable this setting, a system restore point will be created.
@@ -3004,7 +3004,7 @@ If you disable or don't configure this setting, a system restore point won't be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Create a system restore point*
- GP name: *Scan_DisableRestorePoint*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3050,7 +3050,7 @@ If you disable or don't configure this setting, mapped network drives won't be s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run full scan on mapped network drives*
- GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3061,7 +3061,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles**
@@ -3097,7 +3097,7 @@ If you disable or don't configure this setting, network files won't be scanned.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scan network files*
- GP name: *Scan_DisableScanningNetworkFiles*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3108,7 +3108,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor**
+**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor**
@@ -3144,7 +3144,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for maximum percentage of CPU utilization*
- GP name: *Scan_LocalSettingOverrideAvgCPULoadFactor*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3155,7 +3155,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters**
+**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters**
@@ -3191,7 +3191,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for the scan type to use for a scheduled scan*
- GP name: *Scan_LocalSettingOverrideScanParameters*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3202,7 +3202,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay**
+**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay**
@@ -3238,7 +3238,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for schedule scan day*
- GP name: *Scan_LocalSettingOverrideScheduleDay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3249,7 +3249,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime**
+**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime**
@@ -3285,7 +3285,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for scheduled quick scan time*
- GP name: *Scan_LocalSettingOverrideScheduleQuickScantime*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3296,7 +3296,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime**
+**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime**
@@ -3332,7 +3332,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for scheduled scan time*
- GP name: *Scan_LocalSettingOverrideScheduleTime*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3343,7 +3343,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority**
+**ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority**
@@ -3373,13 +3373,13 @@ This policy setting allows you to enable or disable low CPU priority for schedul
If you enable this setting, low CPU priority will be used during scheduled scans.
-If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans.
+If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure low CPU priority for scheduled scans*
- GP name: *Scan_LowCpuPriority*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3390,7 +3390,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup**
+**ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup**
@@ -3426,7 +3426,7 @@ If you disable or don't configure this setting, a catch-up scan will occur after
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define the number of days after which a catch-up scan is forced*
- GP name: *Scan_MissedScheduledScanCountBeforeCatchup*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3437,7 +3437,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay**
+**ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay**
@@ -3473,7 +3473,7 @@ If you disable or don't configure this setting, items will be kept in the scan h
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on removal of items from scan history folder*
- GP name: *Scan_PurgeItemsAfterDelay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3484,7 +3484,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval**
+**ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval**
@@ -3520,7 +3520,7 @@ If you disable or don't configure this setting, a quick scan will run at a defau
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the interval to run quick scans per day*
- GP name: *Scan_QuickScanInterval*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3531,7 +3531,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle**
+**ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle**
@@ -3567,7 +3567,7 @@ If you disable this setting, scheduled scans will run at the scheduled time.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Start the scheduled scan only when computer is on but not in use*
- GP name: *Scan_ScanOnlyIfIdle*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3578,7 +3578,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay**
+**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay**
@@ -3609,7 +3609,7 @@ This policy setting allows you to specify the day of the week on which to perfor
This setting can be configured with the following ordinal number values:
- (0x0) Every Day
-- (0x1) Sunday
+- (0x1) Sunday
- (0x2) Monday
- (0x3) Tuesday
- (0x4) Wednesday
@@ -3626,7 +3626,7 @@ If you disable or don't configure this setting, a scheduled scan will run at a d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the day of the week to run a scheduled scan*
- GP name: *Scan_ScheduleDay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3637,7 +3637,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime**
+**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime**
@@ -3673,7 +3673,7 @@ If you disable or don't configure this setting, a scheduled scan will run at a d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the time of day to run a scheduled scan*
- GP name: *Scan_ScheduleTime*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3684,7 +3684,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive**
+**ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive**
@@ -3720,7 +3720,7 @@ If you disable or don't configure this setting, the antimalware service will be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow antimalware service to remain running always*
- GP name: *ServiceKeepAlive*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -3731,7 +3731,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue**
@@ -3757,7 +3757,7 @@ ADMX Info:
-This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several other actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
+This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several other actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 7 days.
We don't recommend setting the value to less than 2 days to prevent machines from going out of date.
@@ -3769,7 +3769,7 @@ If you disable or don't configure this setting, spyware security intelligence wi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define the number of days before spyware security intelligence is considered out of date*
- GP name: *SignatureUpdate_ASSignatureDue*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -3780,7 +3780,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue**
@@ -3816,7 +3816,7 @@ If you disable or don't configure this setting, virus security intelligence will
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define the number of days before virus security intelligence is considered out of date*
- GP name: *SignatureUpdate_AVSignatureDue*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -3827,7 +3827,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources**
@@ -3863,7 +3863,7 @@ If you disable or don't configure this setting, the list will remain empty by de
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define file shares for downloading security intelligence updates*
- GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -3874,7 +3874,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate**
@@ -3910,7 +3910,7 @@ If you disable this setting, a scan won't start following a security intelligenc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on scan after security intelligence update*
- GP name: *SignatureUpdate_DisableScanOnUpdate*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -3921,7 +3921,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery**
@@ -3957,7 +3957,7 @@ If you disable this setting, security intelligence updates will be turned off wh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow security intelligence updates when running on battery power*
- GP name: *SignatureUpdate_DisableScheduledSignatureUpdateonBattery*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -3968,7 +3968,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine**
@@ -4004,7 +4004,7 @@ If you disable this setting, security intelligence updates won't be initiated on
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Initiate security intelligence update on startup*
- GP name: *SignatureUpdate_DisableUpdateOnStartupWithoutEngine*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4015,7 +4015,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder**
@@ -4053,7 +4053,7 @@ If you disable or don't configure this setting, security intelligence update sou
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define the order of sources for downloading security intelligence updates*
- GP name: *SignatureUpdate_FallbackOrder*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4064,7 +4064,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU**
@@ -4100,7 +4100,7 @@ If you disable or don't configure this setting, security intelligence updates wi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow security intelligence updates from Microsoft Update*
- GP name: *SignatureUpdate_ForceUpdateFromMU*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4111,7 +4111,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery**
@@ -4147,7 +4147,7 @@ If you disable this setting, real-time security intelligence updates will be dis
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow real-time security intelligence updates based on reports to Microsoft MAPS*
- GP name: *SignatureUpdate_RealtimeSignatureDelivery*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4158,7 +4158,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay**
@@ -4189,7 +4189,7 @@ This policy setting allows you to specify the day of the week on which to check
This setting can be configured with the following ordinal number values:
- (0x0) Every Day (default)
-- (0x1) Sunday
+- (0x1) Sunday
- (0x2) Monday
- (0x3) Tuesday
- (0x4) Wednesday
@@ -4206,7 +4206,7 @@ If you disable or don't configure this setting, the check for security intellige
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the day of the week to check for security intelligence updates*
- GP name: *SignatureUpdate_ScheduleDay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4217,7 +4217,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime**
@@ -4253,7 +4253,7 @@ If you disable or don't configure this setting, the check for security intellig
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the time to check for security intelligence updates*
- GP name: *SignatureUpdate_ScheduleTime*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4264,7 +4264,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation**
@@ -4290,7 +4290,7 @@ ADMX Info:
-This policy setting allows you to define the security intelligence location for VDI-configured computers.
+This policy setting allows you to define the security intelligence location for VDI-configured computers.
If you disable or don't configure this setting, security intelligence will be referred from the default local source.
@@ -4298,7 +4298,7 @@ If you disable or don't configure this setting, security intelligence will be re
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define security intelligence location for VDI clients.*
- GP name: *SignatureUpdate_SharedSignaturesLocation*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4306,7 +4306,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification**
@@ -4345,7 +4345,7 @@ If you disable this setting, the antimalware service won't receive notifications
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow notifications to disable security intelligence based reports to Microsoft MAPS*
- GP name: *SignatureUpdate_SignatureDisableNotification*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4356,7 +4356,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval**
@@ -4392,7 +4392,7 @@ If you disable or don't configure this setting, a catch-up security intelligence
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define the number of days after which a catch-up security intelligence update is required*
- GP name: *SignatureUpdate_SignatureUpdateCatchupInterval*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4403,7 +4403,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup**
@@ -4439,7 +4439,7 @@ If you disable this setting or don't configure this setting, a check for new sec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Check for the latest virus and spyware security intelligence on startup*
- GP name: *SignatureUpdate_UpdateOnStartup*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4450,7 +4450,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SpynetReporting**
+**ADMX_MicrosoftDefenderAntivirus/SpynetReporting**
@@ -4493,14 +4493,14 @@ Advanced membership, in addition to basic information, will send more informatio
If you enable this setting, you'll join Microsoft MAPS with the membership specified.
If you disable or don't configure this setting, you won't join Microsoft MAPS.
-
+
In Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Join Microsoft MAPS*
- GP name: *SpynetReporting*
- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
@@ -4511,7 +4511,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting**
+**ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting**
@@ -4547,7 +4547,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for reporting to Microsoft MAPS*
- GP name: *Spynet_LocalSettingOverrideSpynetReporting*
- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
@@ -4559,7 +4559,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction**
+**ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction**
@@ -4597,7 +4597,7 @@ Valid remediation action values are:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify threats upon which default action should not be taken when detected*
- GP name: *Threats_ThreatIdDefaultAction*
- GP path: *Windows Components\Microsoft Defender Antivirus\Threats*
@@ -4608,7 +4608,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString**
+**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString**
@@ -4644,7 +4644,7 @@ If you disable or don't configure this setting, there will be no extra text disp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display additional text to clients when they need to perform an action*
- GP name: *UX_Configuration_CustomDefaultActionToastString*
- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
@@ -4655,7 +4655,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress**
+**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress**
@@ -4691,7 +4691,7 @@ If you enable this setting, Microsoft Defender Antivirus notifications won't dis
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Suppress all notifications*
- GP name: *UX_Configuration_Notification_Suppress*
- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
@@ -4702,7 +4702,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification**
+**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification**
@@ -4736,7 +4736,7 @@ If you enable this setting, AM UI won't show reboot notifications.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Suppresses reboot notifications*
- GP name: *UX_Configuration_SuppressRebootNotification*
- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
@@ -4747,7 +4747,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown**
+**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown**
@@ -4781,7 +4781,7 @@ If you enable this setting, AM UI won't be available to users.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable headless UI mode*
- GP name: *UX_Configuration_UILockdown*
- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
@@ -4797,4 +4797,4 @@ ADMX Info:
## Related topics
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index 1d1d07a118..ceef59b3eb 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/03/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MMC
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MMC policies
+## ADMX_MMC policies
@@ -47,7 +47,7 @@ manager: aaroncz
-**ADMX_MMC/MMC_ActiveXControl**
+**ADMX_MMC/MMC_ActiveXControl**
@@ -93,7 +93,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *ActiveX Control*
- GP name: *MMC_ActiveXControl*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -104,7 +104,7 @@ ADMX Info:
-**ADMX_MMC/MMC_ExtendView**
+**ADMX_MMC/MMC_ExtendView**
@@ -150,7 +150,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Extended View (Web View)*
- GP name: *MMC_ExtendView*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -161,7 +161,7 @@ ADMX Info:
-**ADMX_MMC/MMC_LinkToWeb**
+**ADMX_MMC/MMC_LinkToWeb**
@@ -207,7 +207,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Link to Web Address*
- GP name: *MMC_LinkToWeb*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -218,7 +218,7 @@ ADMX Info:
-**ADMX_MMC/MMC_Restrict_Author**
+**ADMX_MMC/MMC_Restrict_Author**
@@ -258,7 +258,7 @@ If you disable this setting or don't configure it, users can enter author mode a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict the user from entering author mode*
- GP name: *MMC_Restrict_Author*
- GP path: *Windows Components\Microsoft Management Console*
@@ -269,7 +269,7 @@ ADMX Info:
-**ADMX_MMC/MMC_Restrict_To_Permitted_Snapins**
+**ADMX_MMC/MMC_Restrict_To_Permitted_Snapins**
@@ -314,7 +314,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict users to the explicitly permitted list of snap-ins*
- GP name: *MMC_Restrict_To_Permitted_Snapins*
- GP path: *Windows Components\Microsoft Management Console*
diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
index 1dc887ce45..55e94494f7 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MMCSnapins
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MMCSnapins policies
+## ADMX_MMCSnapins policies
@@ -344,7 +344,7 @@ manager: aaroncz
-**ADMX_MMCSnapins/MMC_ADMComputers_1**
+**ADMX_MMCSnapins/MMC_ADMComputers_1**
@@ -370,17 +370,17 @@ manager: aaroncz
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -388,7 +388,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Administrative Templates (Computers)*
- GP name: *MMC_ADMComputers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -399,7 +399,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ADMComputers_2**
+**ADMX_MMCSnapins/MMC_ADMComputers_2**
@@ -425,17 +425,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -443,7 +443,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Administrative Templates (Computers)*
- GP name: *MMC_ADMComputers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -455,7 +455,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ADMUsers_1**
+**ADMX_MMCSnapins/MMC_ADMUsers_1**
@@ -481,17 +481,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -499,7 +499,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Administrative Templates (Users)*
- GP name: *MMC_ADMUsers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -511,7 +511,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ADMUsers_2**
+**ADMX_MMCSnapins/MMC_ADMUsers_2**
@@ -537,17 +537,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -555,7 +555,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Administrative Templates (Users)*
- GP name: *MMC_ADMUsers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -567,7 +567,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ADSI**
+**ADMX_MMCSnapins/MMC_ADSI**
@@ -593,17 +593,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -611,7 +611,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *ADSI Edit*
- GP name: *MMC_ADSI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -623,7 +623,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ActiveDirDomTrusts**
+**ADMX_MMCSnapins/MMC_ActiveDirDomTrusts**
@@ -649,17 +649,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -667,7 +667,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Active Directory Domains and Trusts*
- GP name: *MMC_ActiveDirDomTrusts*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -679,7 +679,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ActiveDirSitesServices**
+**ADMX_MMCSnapins/MMC_ActiveDirSitesServices**
@@ -705,17 +705,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -723,7 +723,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Active Directory Sites and Services*
- GP name: *MMC_ActiveDirSitesServices*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -735,7 +735,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ActiveDirUsersComp**
+**ADMX_MMCSnapins/MMC_ActiveDirUsersComp**
@@ -761,17 +761,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -779,7 +779,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Active Directory Users and Computers*
- GP name: *MMC_ActiveDirUsersComp*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -791,7 +791,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_AppleTalkRouting**
+**ADMX_MMCSnapins/MMC_AppleTalkRouting**
@@ -817,17 +817,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -835,7 +835,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *AppleTalk Routing*
- GP name: *MMC_AppleTalkRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -847,7 +847,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_AuthMan**
+**ADMX_MMCSnapins/MMC_AuthMan**
@@ -873,17 +873,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -891,7 +891,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Authorization Manager*
- GP name: *MMC_AuthMan*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -903,7 +903,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_CertAuth**
+**ADMX_MMCSnapins/MMC_CertAuth**
@@ -929,17 +929,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -947,7 +947,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Certification Authority*
- GP name: *MMC_CertAuth*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -959,7 +959,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_CertAuthPolSet**
+**ADMX_MMCSnapins/MMC_CertAuthPolSet**
@@ -985,24 +985,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Certification Authority Policy Settings*
- GP name: *MMC_CertAuthPolSet*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1014,7 +1014,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_Certs**
+**ADMX_MMCSnapins/MMC_Certs**
@@ -1040,24 +1040,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Certificates*
- GP name: *MMC_Certs*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1069,7 +1069,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_CertsTemplate**
+**ADMX_MMCSnapins/MMC_CertsTemplate**
@@ -1095,24 +1095,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Certificate Templates*
- GP name: *MMC_CertsTemplate*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1124,7 +1124,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ComponentServices**
+**ADMX_MMCSnapins/MMC_ComponentServices**
@@ -1150,24 +1150,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Component Services*
- GP name: *MMC_ComponentServices*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1179,7 +1179,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ComputerManagement**
+**ADMX_MMCSnapins/MMC_ComputerManagement**
@@ -1205,24 +1205,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Computer Management*
- GP name: *MMC_ComputerManagement*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1234,7 +1234,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ConnectionSharingNAT**
+**ADMX_MMCSnapins/MMC_ConnectionSharingNAT**
@@ -1260,24 +1260,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Connection Sharing (NAT)*
- GP name: *MMC_ConnectionSharingNAT*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1289,7 +1289,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DCOMCFG**
+**ADMX_MMCSnapins/MMC_DCOMCFG**
@@ -1315,24 +1315,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *DCOM Configuration Extension*
- GP name: *MMC_DCOMCFG*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1344,7 +1344,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DFS**
+**ADMX_MMCSnapins/MMC_DFS**
@@ -1370,24 +1370,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Distributed File System*
- GP name: *MMC_DFS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1399,7 +1399,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DHCPRelayMgmt**
+**ADMX_MMCSnapins/MMC_DHCPRelayMgmt**
@@ -1425,24 +1425,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *DHCP Relay Management*
- GP name: *MMC_DHCPRelayMgmt*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1454,7 +1454,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DeviceManager_1**
+**ADMX_MMCSnapins/MMC_DeviceManager_1**
@@ -1480,24 +1480,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Device Manager*
- GP name: *MMC_DeviceManager_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1509,7 +1509,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DeviceManager_2**
+**ADMX_MMCSnapins/MMC_DeviceManager_2**
@@ -1535,24 +1535,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Device Manager*
- GP name: *MMC_DeviceManager_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1564,7 +1564,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DiskDefrag**
+**ADMX_MMCSnapins/MMC_DiskDefrag**
@@ -1590,24 +1590,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disk Defragmenter*
- GP name: *MMC_DiskDefrag*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1619,7 +1619,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DiskMgmt**
+**ADMX_MMCSnapins/MMC_DiskMgmt**
@@ -1645,24 +1645,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disk Management*
- GP name: *MMC_DiskMgmt*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1674,7 +1674,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_EnterprisePKI**
+**ADMX_MMCSnapins/MMC_EnterprisePKI**
@@ -1700,24 +1700,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enterprise PKI*
- GP name: *MMC_EnterprisePKI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1729,7 +1729,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_EventViewer_1**
+**ADMX_MMCSnapins/MMC_EventViewer_1**
@@ -1755,24 +1755,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event Viewer*
- GP name: *MMC_EventViewer_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1784,7 +1784,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_EventViewer_2**
+**ADMX_MMCSnapins/MMC_EventViewer_2**
@@ -1810,24 +1810,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event Viewer (Windows Vista)*
- GP name: *MMC_EventViewer_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1839,7 +1839,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_EventViewer_3**
+**ADMX_MMCSnapins/MMC_EventViewer_3**
@@ -1865,24 +1865,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event Viewer*
- GP name: *MMC_EventViewer_3*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1894,7 +1894,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_EventViewer_4**
+**ADMX_MMCSnapins/MMC_EventViewer_4**
@@ -1920,24 +1920,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event Viewer (Windows Vista)*
- GP name: *MMC_EventViewer_4*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1950,7 +1950,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_EventViewer_2**
+**ADMX_MMCSnapins/MMC_EventViewer_2**
@@ -1976,24 +1976,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event Viewer (Windows Vista)*
- GP name: *MMC_EventViewer_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2005,7 +2005,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_FAXService**
+**ADMX_MMCSnapins/MMC_FAXService**
@@ -2031,24 +2031,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *FAX Service*
- GP name: *MMC_FAXService*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2060,7 +2060,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_FailoverClusters**
+**ADMX_MMCSnapins/MMC_FailoverClusters**
@@ -2086,24 +2086,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Failover Clusters Manager*
- GP name: *MMC_FailoverClusters*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2115,7 +2115,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_FolderRedirection_1**
+**ADMX_MMCSnapins/MMC_FolderRedirection_1**
@@ -2141,24 +2141,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Folder Redirection*
- GP name: *MMC_FolderRedirection_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -2170,7 +2170,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_FolderRedirection_2**
+**ADMX_MMCSnapins/MMC_FolderRedirection_2**
@@ -2196,24 +2196,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Folder Redirection*
- GP name: *MMC_FolderRedirection_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -2225,7 +2225,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_FrontPageExt**
+**ADMX_MMCSnapins/MMC_FrontPageExt**
@@ -2251,24 +2251,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *FrontPage Server Extensions*
- GP name: *MMC_FrontPageExt*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2280,7 +2280,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn**
+**ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn**
@@ -2306,24 +2306,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Group Policy Management*
- GP name: *MMC_GroupPolicyManagementSnapIn*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
@@ -2335,7 +2335,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_GroupPolicySnapIn**
+**ADMX_MMCSnapins/MMC_GroupPolicySnapIn**
@@ -2361,24 +2361,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Group Policy Object Editor*
- GP name: *MMC_GroupPolicySnapIn*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
@@ -2390,7 +2390,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_GroupPolicyTab**
+**ADMX_MMCSnapins/MMC_GroupPolicyTab**
@@ -2435,7 +2435,7 @@ When the Group Policy tab is inaccessible, it doesn't appear in the site, domain
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Group Policy tab for Active Directory Tools*
- GP name: *MMC_GroupPolicyTab*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
@@ -2447,7 +2447,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_HRA**
+**ADMX_MMCSnapins/MMC_HRA**
@@ -2473,24 +2473,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Health Registration Authority (HRA)*
- GP name: *MMC_HRA*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2502,7 +2502,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IAS**
+**ADMX_MMCSnapins/MMC_IAS**
@@ -2528,24 +2528,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Authentication Service (IAS)*
- GP name: *MMC_IAS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2557,7 +2557,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IASLogging**
+**ADMX_MMCSnapins/MMC_IASLogging**
@@ -2583,24 +2583,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IAS Logging*
- GP name: *MMC_IASLogging*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -2612,7 +2612,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IEMaintenance_1**
+**ADMX_MMCSnapins/MMC_IEMaintenance_1**
@@ -2638,24 +2638,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer Maintenance*
- GP name: *MMC_IEMaintenance_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -2667,7 +2667,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IEMaintenance_2**
+**ADMX_MMCSnapins/MMC_IEMaintenance_2**
@@ -2693,24 +2693,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer Maintenance*
- GP name: *MMC_IEMaintenance_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -2722,7 +2722,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IGMPRouting**
+**ADMX_MMCSnapins/MMC_IGMPRouting**
@@ -2748,24 +2748,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IGMP Routing*
- GP name: *MMC_IGMPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -2777,7 +2777,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IIS**
+**ADMX_MMCSnapins/MMC_IIS**
@@ -2803,24 +2803,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Information Services*
- GP name: *MMC_IIS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2832,7 +2832,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IPRouting**
+**ADMX_MMCSnapins/MMC_IPRouting**
@@ -2858,24 +2858,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IP Routing*
- GP name: *MMC_IPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -2887,7 +2887,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IPSecManage_GP**
+**ADMX_MMCSnapins/MMC_IPSecManage_GP**
@@ -2913,24 +2913,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IP Security Policy Management*
- GP name: *MMC_IPSecManage_GP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -2942,7 +2942,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IPXRIPRouting**
+**ADMX_MMCSnapins/MMC_IPXRIPRouting**
@@ -2968,24 +2968,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IPX RIP Routing*
- GP name: *MMC_IPXRIPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -2997,7 +2997,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IPXRouting**
+**ADMX_MMCSnapins/MMC_IPXRouting**
@@ -3023,24 +3023,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IPX Routing*
- GP name: *MMC_IPXRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3052,7 +3052,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IPXSAPRouting**
+**ADMX_MMCSnapins/MMC_IPXSAPRouting**
@@ -3078,24 +3078,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IPX SAP Routing*
- GP name: *MMC_IPXSAPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3107,7 +3107,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IndexingService**
+**ADMX_MMCSnapins/MMC_IndexingService**
@@ -3133,24 +3133,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Indexing Service*
- GP name: *MMC_IndexingService*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3162,7 +3162,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IpSecManage**
+**ADMX_MMCSnapins/MMC_IpSecManage**
@@ -3188,24 +3188,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IP Security Policy Management*
- GP name: *MMC_IpSecManage*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3217,7 +3217,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IpSecMonitor**
+**ADMX_MMCSnapins/MMC_IpSecMonitor**
@@ -3243,24 +3243,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IP Security Monitor*
- GP name: *MMC_IpSecMonitor*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3272,7 +3272,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_LocalUsersGroups**
+**ADMX_MMCSnapins/MMC_LocalUsersGroups**
@@ -3298,24 +3298,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Local Users and Groups*
- GP name: *MMC_LocalUsersGroups*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3327,7 +3327,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_LogicalMappedDrives**
+**ADMX_MMCSnapins/MMC_LogicalMappedDrives**
@@ -3353,24 +3353,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Logical and Mapped Drives*
- GP name: *MMC_LogicalMappedDrives*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3382,7 +3382,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_NPSUI**
+**ADMX_MMCSnapins/MMC_NPSUI**
@@ -3408,24 +3408,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Network Policy Server (NPS)*
- GP name: *MMC_NPSUI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3437,7 +3437,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_NapSnap**
+**ADMX_MMCSnapins/MMC_NapSnap**
@@ -3463,24 +3463,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *NAP Client Configuration*
- GP name: *MMC_NapSnap*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3492,7 +3492,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_NapSnap_GP**
+**ADMX_MMCSnapins/MMC_NapSnap_GP**
@@ -3518,24 +3518,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *NAP Client Configuration*
- GP name: *MMC_NapSnap_GP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -3547,7 +3547,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_Net_Framework**
+**ADMX_MMCSnapins/MMC_Net_Framework**
@@ -3573,24 +3573,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *.Net Framework Configuration*
- GP name: *MMC_Net_Framework*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3602,7 +3602,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_OCSP**
+**ADMX_MMCSnapins/MMC_OCSP**
@@ -3628,24 +3628,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Online Responder*
- GP name: *MMC_OCSP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3657,7 +3657,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_OSPFRouting**
+**ADMX_MMCSnapins/MMC_OSPFRouting**
@@ -3683,24 +3683,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *OSPF Routing*
- GP name: *MMC_OSPFRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3712,7 +3712,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_PerfLogsAlerts**
+**ADMX_MMCSnapins/MMC_PerfLogsAlerts**
@@ -3738,24 +3738,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Performance Logs and Alerts*
- GP name: *MMC_PerfLogsAlerts*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3767,7 +3767,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_PublicKey**
+**ADMX_MMCSnapins/MMC_PublicKey**
@@ -3793,24 +3793,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Public Key Policies*
- GP name: *MMC_PublicKey*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3822,7 +3822,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_QoSAdmission**
+**ADMX_MMCSnapins/MMC_QoSAdmission**
@@ -3848,24 +3848,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *QoS Admission Control*
- GP name: *MMC_QoSAdmission*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3877,7 +3877,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RAS_DialinUser**
+**ADMX_MMCSnapins/MMC_RAS_DialinUser**
@@ -3903,24 +3903,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *RAS Dialin - User Node*
- GP name: *MMC_RAS_DialinUser*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3932,7 +3932,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RIPRouting**
+**ADMX_MMCSnapins/MMC_RIPRouting**
@@ -3958,24 +3958,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *RIP Routing*
- GP name: *MMC_RIPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3987,7 +3987,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RIS**
+**ADMX_MMCSnapins/MMC_RIS**
@@ -4013,24 +4013,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remote Installation Services*
- GP name: *MMC_RIS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -4042,7 +4042,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RRA**
+**ADMX_MMCSnapins/MMC_RRA**
@@ -4068,24 +4068,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Routing and Remote Access*
- GP name: *MMC_RRA*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -4097,7 +4097,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RSM**
+**ADMX_MMCSnapins/MMC_RSM**
@@ -4123,24 +4123,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Removable Storage Management*
- GP name: *MMC_RSM*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -4152,7 +4152,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RemStore**
+**ADMX_MMCSnapins/MMC_RemStore**
@@ -4178,24 +4178,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Removable Storage*
- GP name: *MMC_RemStore*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -4207,7 +4207,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RemoteAccess**
+**ADMX_MMCSnapins/MMC_RemoteAccess**
@@ -4233,24 +4233,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remote Access*
- GP name: *MMC_RemoteAccess*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -4262,7 +4262,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RemoteDesktop**
+**ADMX_MMCSnapins/MMC_RemoteDesktop**
@@ -4288,24 +4288,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remote Desktops*
- GP name: *MMC_RemoteDesktop*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -4317,7 +4317,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn**
+**ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn**
@@ -4343,24 +4343,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Resultant Set of Policy snap-in*
- GP name: *MMC_ResultantSetOfPolicySnapIn*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
@@ -4372,7 +4372,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_Routing**
+**ADMX_MMCSnapins/MMC_Routing**
@@ -4398,24 +4398,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Routing*
- GP name: *MMC_Routing*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -4427,7 +4427,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SCA**
+**ADMX_MMCSnapins/MMC_SCA**
@@ -4453,24 +4453,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Security Configuration and Analysis*
- GP name: *MMC_SCA*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -4482,7 +4482,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SMTPProtocol**
+**ADMX_MMCSnapins/MMC_SMTPProtocol**
@@ -4508,24 +4508,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *SMTP Protocol*
- GP name: *MMC_SMTPProtocol*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -4537,7 +4537,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SNMP**
+**ADMX_MMCSnapins/MMC_SNMP**
@@ -4563,24 +4563,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *SNMP*
- GP name: *MMC_SNMP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -4592,7 +4592,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ScriptsMachine_1**
+**ADMX_MMCSnapins/MMC_ScriptsMachine_1**
@@ -4618,24 +4618,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scripts (Startup/Shutdown)*
- GP name: *MMC_ScriptsMachine_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -4647,7 +4647,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ScriptsMachine_2**
+**ADMX_MMCSnapins/MMC_ScriptsMachine_2**
@@ -4673,24 +4673,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scripts (Startup/Shutdown)*
- GP name: *MMC_ScriptsMachine_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -4702,7 +4702,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ScriptsUser_1**
+**ADMX_MMCSnapins/MMC_ScriptsUser_1**
@@ -4728,24 +4728,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scripts (Logon/Logoff)*
- GP name: *MMC_ScriptsUser_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -4757,7 +4757,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ScriptsUser_2**
+**ADMX_MMCSnapins/MMC_ScriptsUser_2**
@@ -4783,24 +4783,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scripts (Logon/Logoff)*
- GP name: *MMC_ScriptsUser_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -4812,7 +4812,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SecuritySettings_1**
+**ADMX_MMCSnapins/MMC_SecuritySettings_1**
@@ -4838,24 +4838,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Security Settings*
- GP name: *MMC_SecuritySettings_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -4867,7 +4867,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SecuritySettings_2**
+**ADMX_MMCSnapins/MMC_SecuritySettings_2**
@@ -4893,24 +4893,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Security Settings*
- GP name: *MMC_SecuritySettings_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -4922,7 +4922,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SecurityTemplates**
+**ADMX_MMCSnapins/MMC_SecurityTemplates**
@@ -4948,24 +4948,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Security Templates*
- GP name: *MMC_SecurityTemplates*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -4977,7 +4977,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SendConsoleMessage**
+**ADMX_MMCSnapins/MMC_SendConsoleMessage**
@@ -5003,24 +5003,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Send Console Message*
- GP name: *MMC_SendConsoleMessage*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -5032,7 +5032,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ServerManager**
+**ADMX_MMCSnapins/MMC_ServerManager**
@@ -5058,24 +5058,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Server Manager*
- GP name: *MMC_ServerManager*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5087,7 +5087,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ServiceDependencies**
+**ADMX_MMCSnapins/MMC_ServiceDependencies**
@@ -5113,24 +5113,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Service Dependencies*
- GP name: *MMC_ServiceDependencies*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -5142,7 +5142,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_Services**
+**ADMX_MMCSnapins/MMC_Services**
@@ -5168,24 +5168,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Services*
- GP name: *MMC_Services*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5197,7 +5197,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SharedFolders**
+**ADMX_MMCSnapins/MMC_SharedFolders**
@@ -5223,24 +5223,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Shared Folders*
- GP name: *MMC_SharedFolders*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5252,7 +5252,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SharedFolders_Ext**
+**ADMX_MMCSnapins/MMC_SharedFolders_Ext**
@@ -5278,24 +5278,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Shared Folders Ext*
- GP name: *MMC_SharedFolders_Ext*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -5307,7 +5307,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1**
+**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1**
@@ -5333,24 +5333,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Software Installation (Computers)*
- GP name: *MMC_SoftwareInstalationComputers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -5362,7 +5362,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2**
+**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2**
@@ -5388,24 +5388,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Software Installation (Computers)*
- GP name: *MMC_SoftwareInstalationComputers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -5417,7 +5417,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1**
+**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1**
@@ -5443,24 +5443,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Software Installation (Users)*
- GP name: *MMC_SoftwareInstallationUsers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -5472,7 +5472,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2**
+**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2**
@@ -5498,24 +5498,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Software Installation (Users)*
- GP name: *MMC_SoftwareInstallationUsers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -5527,7 +5527,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SysInfo**
+**ADMX_MMCSnapins/MMC_SysInfo**
@@ -5553,24 +5553,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *System Information*
- GP name: *MMC_SysInfo*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5582,7 +5582,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SysProp**
+**ADMX_MMCSnapins/MMC_SysProp**
@@ -5608,24 +5608,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *System Properties*
- GP name: *MMC_SysProp*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -5637,7 +5637,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_TPMManagement**
+**ADMX_MMCSnapins/MMC_TPMManagement**
@@ -5663,24 +5663,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *TPM Management*
- GP name: *MMC_TPMManagement*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5692,7 +5692,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_Telephony**
+**ADMX_MMCSnapins/MMC_Telephony**
@@ -5718,24 +5718,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Telephony*
- GP name: *MMC_Telephony*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5747,7 +5747,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_TerminalServices**
+**ADMX_MMCSnapins/MMC_TerminalServices**
@@ -5773,24 +5773,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remote Desktop Services Configuration*
- GP name: *MMC_TerminalServices*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5802,7 +5802,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_WMI**
+**ADMX_MMCSnapins/MMC_WMI**
@@ -5828,24 +5828,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *WMI Control*
- GP name: *MMC_WMI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5857,7 +5857,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_WindowsFirewall**
+**ADMX_MMCSnapins/MMC_WindowsFirewall**
@@ -5883,24 +5883,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Windows Firewall with Advanced Security*
- GP name: *MMC_WindowsFirewall*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5912,7 +5912,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_WindowsFirewall_GP**
+**ADMX_MMCSnapins/MMC_WindowsFirewall_GP**
@@ -5938,24 +5938,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Windows Firewall with Advanced Security*
- GP name: *MMC_WindowsFirewall_GP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -5967,7 +5967,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_WiredNetworkPolicy**
+**ADMX_MMCSnapins/MMC_WiredNetworkPolicy**
@@ -5993,24 +5993,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Wired Network (IEEE 802.3) Policies*
- GP name: *MMC_WiredNetworkPolicy*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -6022,7 +6022,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_WirelessMon**
+**ADMX_MMCSnapins/MMC_WirelessMon**
@@ -6048,24 +6048,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Wireless Monitor*
- GP name: *MMC_WirelessMon*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -6077,7 +6077,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_WirelessNetworkPolicy**
+**ADMX_MMCSnapins/MMC_WirelessNetworkPolicy**
@@ -6103,24 +6103,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Wireless Network (IEEE 802.11) Policies*
- GP name: *MMC_WirelessNetworkPolicy*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
index 462bfc2801..3de6bfa7fe 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/20/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MobilePCMobilityCenter
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MobilePCMobilityCenter policies
+## ADMX_MobilePCMobilityCenter policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1**
+**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1**
@@ -65,10 +65,10 @@ manager: aaroncz
-This policy setting turns off Windows Mobility Center.
+This policy setting turns off Windows Mobility Center.
-- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it.
-- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
+- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it.
+- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
If you don't configure this policy setting, Windows Mobility Center is on by default.
@@ -76,7 +76,7 @@ If you don't configure this policy setting, Windows Mobility Center is on by def
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Mobility Center*
- GP name: *MobilityCenterEnable_1*
- GP path: *Windows Components\Windows Mobility Center*
@@ -87,7 +87,7 @@ ADMX Info:
-**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2**
+**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2**
@@ -113,10 +113,10 @@ ADMX Info:
-This policy setting turns off Windows Mobility Center.
+This policy setting turns off Windows Mobility Center.
-- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it.
-- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
+- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it.
+- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
If you don't configure this policy setting, Windows Mobility Center is on by default.
@@ -124,7 +124,7 @@ If you don't configure this policy setting, Windows Mobility Center is on by def
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Mobility Center*
- GP name: *MobilityCenterEnable_2*
- GP path: *Windows Components\Windows Mobility Center*
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
index a0b6581b36..2fa545031f 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/20/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MobilePCPresentationSettings
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MobilePCPresentationSettings policies
+## ADMX_MobilePCPresentationSettings policies
@@ -66,16 +66,16 @@ manager: aaroncz
-This policy setting turns off Windows presentation settings.
+This policy setting turns off Windows presentation settings.
-If you enable this policy setting, Windows presentation settings can't be invoked.
+If you enable this policy setting, Windows presentation settings can't be invoked.
-If you disable this policy setting, Windows presentation settings can be invoked.
+If you disable this policy setting, Windows presentation settings can be invoked.
-The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
+The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
> [!NOTE]
-> Users will be able to customize their system settings for presentations in Windows Mobility Center.
+> Users will be able to customize their system settings for presentations in Windows Mobility Center.
If you do not configure this policy setting, Windows presentation settings can be invoked.
@@ -83,7 +83,7 @@ If you do not configure this policy setting, Windows presentation settings can b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows presentation settings*
- GP name: *PresentationSettingsEnable_1*
- GP path: *Windows Components\Presentation Settings*
@@ -94,7 +94,7 @@ ADMX Info:
-**ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2**
+**ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2**
@@ -120,16 +120,16 @@ ADMX Info:
-This policy setting turns off Windows presentation settings.
+This policy setting turns off Windows presentation settings.
-If you enable this policy setting, Windows presentation settings can't be invoked.
+If you enable this policy setting, Windows presentation settings can't be invoked.
-If you disable this policy setting, Windows presentation settings can be invoked.
+If you disable this policy setting, Windows presentation settings can be invoked.
-The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
+The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
> [!NOTE]
-> Users will be able to customize their system settings for presentations in Windows Mobility Center.
+> Users will be able to customize their system settings for presentations in Windows Mobility Center.
If you do not configure this policy setting, Windows presentation settings can be invoked.
@@ -137,7 +137,7 @@ If you do not configure this policy setting, Windows presentation settings can b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows presentation settings*
- GP name: *PresentationSettingsEnable_2*
- GP path: *Windows Components\Presentation Settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
index a706344772..f5dcb18fd2 100644
--- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/14/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MSAPolicy
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MSAPolicy policies
+## ADMX_MSAPolicy policies
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_MSAPolicy/MicrosoftAccount_DisableUserAuth**
+**ADMX_MSAPolicy/MicrosoftAccount_DisableUserAuth**
@@ -73,7 +73,7 @@ By default, this setting is Disabled. This setting doesn't affect whether users
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Block all consumer Microsoft account user authentication*
- GP name: *MicrosoftAccount_DisableUserAuth*
- GP path: *Windows Components\Microsoft account*
diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md
index 039423c269..98fe49b298 100644
--- a/windows/client-management/mdm/policy-csp-admx-msched.md
+++ b/windows/client-management/mdm/policy-csp-admx-msched.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/08/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_msched
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_msched policies
+## ADMX_msched policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_msched/ActivationBoundaryPolicy**
+**ADMX_msched/ActivationBoundaryPolicy**
@@ -75,7 +75,7 @@ If you disable or don't configure this policy setting, the daily scheduled time
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Automatic Maintenance Activation Boundary*
- GP name: *ActivationBoundaryPolicy*
- GP path: *Windows Components\Maintenance Scheduler*
@@ -86,7 +86,7 @@ ADMX Info:
-**ADMX_msched/RandomDelayPolicy**
+**ADMX_msched/RandomDelayPolicy**
@@ -126,7 +126,7 @@ If you disable this policy setting, no random delay will be applied to Automatic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Automatic Maintenance Random Delay*
- GP name: *RandomDelayPolicy*
- GP path: *Windows Components\Maintenance Scheduler*
diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md
index 3cf6d8ccbd..110b7c8cf8 100644
--- a/windows/client-management/mdm/policy-csp-admx-msdt.md
+++ b/windows/client-management/mdm/policy-csp-admx-msdt.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/09/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MSDT
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MSDT policies
+## ADMX_MSDT policies
@@ -41,7 +41,7 @@ manager: aaroncz
-**ADMX_MSDT/MsdtSupportProvider**
+**ADMX_MSDT/MsdtSupportProvider**
@@ -83,7 +83,7 @@ No reboots or service restarts are required for this policy setting to take effe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider*
- GP name: *MsdtSupportProvider*
- GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool*
@@ -94,7 +94,7 @@ ADMX Info:
-**ADMX_MSDT/MsdtToolDownloadPolicy**
+**ADMX_MSDT/MsdtToolDownloadPolicy**
@@ -148,7 +148,7 @@ The DPS can be configured with the Services snap-in to the Microsoft Management
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Support Diagnostic Tool: Restrict tool download*
- GP name: *MsdtToolDownloadPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool*
@@ -159,7 +159,7 @@ ADMX Info:
-**ADMX_MSDT/WdiScenarioExecutionPolicy**
+**ADMX_MSDT/WdiScenarioExecutionPolicy**
@@ -201,7 +201,7 @@ This policy setting will only take effect when the Diagnostic Policy Service (DP
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Support Diagnostic Tool: Configure execution level*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool*
diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md
index ee2aa88f20..6a85538f3e 100644
--- a/windows/client-management/mdm/policy-csp-admx-msi.md
+++ b/windows/client-management/mdm/policy-csp-admx-msi.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/16/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MSI
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MSI policies
+## ADMX_MSI policies
@@ -103,7 +103,7 @@ manager: aaroncz
-**ADMX_MSI/AllowLockdownBrowse**
+**ADMX_MSI/AllowLockdownBrowse**
@@ -143,7 +143,7 @@ If you disable or don't configure this policy setting, by default, only system a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow users to browse for source while elevated*
- GP name: *AllowLockdownBrowse*
- GP path: *Windows Components\Windows Installer*
@@ -155,7 +155,7 @@ ADMX Info:
-**ADMX_MSI/AllowLockdownMedia**
+**ADMX_MSI/AllowLockdownMedia**
@@ -195,7 +195,7 @@ Also, see the "Prevent removable media source for any install" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow users to use media source while elevated*
- GP name: *AllowLockdownMedia*
- GP path: *Windows Components\Windows Installer*
@@ -207,7 +207,7 @@ ADMX Info:
-**ADMX_MSI/AllowLockdownPatch**
+**ADMX_MSI/AllowLockdownPatch**
@@ -244,7 +244,7 @@ This policy setting doesn't affect installations that run in the user's security
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow users to patch elevated products*
- GP name: *AllowLockdownPatch*
- GP path: *Windows Components\Windows Installer*
@@ -256,7 +256,7 @@ ADMX Info:
-**ADMX_MSI/DisableAutomaticApplicationShutdown**
+**ADMX_MSI/DisableAutomaticApplicationShutdown**
@@ -298,7 +298,7 @@ If you disable or don't configure this policy setting, Windows Installer will us
-ADMX Info:
+ADMX Info:
- GGP Friendly name: *Prohibit use of Restart Manager*
- GP name: *DisableAutomaticApplicationShutdown*
- GP path: *Windows Components\Windows Installer*
@@ -310,7 +310,7 @@ ADMX Info:
-**ADMX_MSI/DisableBrowse**
+**ADMX_MSI/DisableBrowse**
@@ -352,7 +352,7 @@ Also, see the "Enable user to browse for source while elevated" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove browse dialog box for new source*
- GP name: *DisableBrowse*
- GP path: *Windows Components\Windows Installer*
@@ -364,7 +364,7 @@ ADMX Info:
-**ADMX_MSI/DisableFlyweightPatching**
+**ADMX_MSI/DisableFlyweightPatching**
@@ -400,7 +400,7 @@ If you disable or don't configure this policy setting, it enables faster applica
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit flyweight patching*
- GP name: *DisableFlyweightPatching*
- GP path: *Windows Components\Windows Installer*
@@ -412,7 +412,7 @@ ADMX Info:
-**ADMX_MSI/DisableLoggingFromPackage**
+**ADMX_MSI/DisableLoggingFromPackage**
@@ -452,7 +452,7 @@ If you disable or don't configure this policy setting, Windows Installer will au
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off logging via package settings*
- GP name: *DisableLoggingFromPackage*
- GP path: *Windows Components\Windows Installer*
@@ -464,7 +464,7 @@ ADMX Info:
-**ADMX_MSI/DisableMSI**
+**ADMX_MSI/DisableMSI**
@@ -494,7 +494,7 @@ This policy setting restricts the use of Windows Installer.
If you enable this policy setting, you can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator. You can use the options in the Disable Windows Installer box to establish an installation setting.
-- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software.
+- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software.
- The "For non-managed applications only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This option's induced behavior is the default behavior of Windows Installer on Windows Server 2003 family when the policy isn't configured.
@@ -506,7 +506,7 @@ This policy setting affects Windows Installer only. It doesn't prevent users fro
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Installer*
- GP name: *DisableMSI*
- GP path: *Windows Components\Windows Installer*
@@ -518,7 +518,7 @@ ADMX Info:
-**ADMX_MSI/DisableMedia**
+**ADMX_MSI/DisableMedia**
@@ -558,7 +558,7 @@ Also, see the "Enable user to use media source while elevated" and "Hide the 'Ad
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent removable media source for any installation*
- GP name: *DisableMedia*
- GP path: *Windows Components\Windows Installer*
@@ -570,7 +570,7 @@ ADMX Info:
-**ADMX_MSI/DisablePatch**
+**ADMX_MSI/DisablePatch**
@@ -611,7 +611,7 @@ Also, see the "Enable user to patch elevated products" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from using Windows Installer to install updates and upgrades*
- GP name: *DisablePatch*
- GP path: *Windows Components\Windows Installer*
@@ -623,7 +623,7 @@ ADMX Info:
-**ADMX_MSI/DisableRollback_1**
+**ADMX_MSI/DisableRollback_1**
@@ -660,7 +660,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit rollback*
- GP name: *DisableRollback_1*
- GP path: *Windows Components\Windows Installer*
@@ -672,7 +672,7 @@ ADMX Info:
-**ADMX_MSI/DisableRollback_2**
+**ADMX_MSI/DisableRollback_2**
@@ -710,7 +710,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit rollback*
- GP name: *DisableRollback_2*
- GP path: *Windows Components\Windows Installer*
@@ -722,7 +722,7 @@ ADMX Info:
-**ADMX_MSI/DisableSharedComponent**
+**ADMX_MSI/DisableSharedComponent**
@@ -758,7 +758,7 @@ If you disable or don't configure this policy setting, by default, the shared co
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off shared components*
- GP name: *DisableSharedComponent*
- GP path: *Windows Components\Windows Installer*
@@ -770,7 +770,7 @@ ADMX Info:
-**ADMX_MSI/MSILogging**
+**ADMX_MSI/MSILogging**
@@ -808,7 +808,7 @@ If you disable or don't configure this policy setting, Windows Installer logs th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the types of events Windows Installer records in its transaction log*
- GP name: *MSILogging*
- GP path: *Windows Components\Windows Installer*
@@ -821,7 +821,7 @@ ADMX Info:
-**ADMX_MSI/MSI_DisableLUAPatching**
+**ADMX_MSI/MSI_DisableLUAPatching**
@@ -859,7 +859,7 @@ If you disable or don't configure this policy setting, users without administrat
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit non-administrators from applying vendor signed updates*
- GP name: *MSI_DisableLUAPatching*
- GP path: *Windows Components\Windows Installer*
@@ -872,7 +872,7 @@ ADMX Info:
-**ADMX_MSI/MSI_DisablePatchUninstall**
+**ADMX_MSI/MSI_DisablePatchUninstall**
@@ -910,7 +910,7 @@ If you disable or don't configure this policy setting, a user can remove an upda
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit removal of updates*
- GP name: *MSI_DisablePatchUninstall*
- GP path: *Windows Components\Windows Installer*
@@ -923,7 +923,7 @@ ADMX Info:
-**ADMX_MSI/MSI_DisableSRCheckPoints**
+**ADMX_MSI/MSI_DisableSRCheckPoints**
@@ -959,7 +959,7 @@ If you disable or don't configure this policy setting, by default, the Windows I
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off creation of System Restore checkpoints*
- GP name: *MSI_DisableSRCheckPoints*
- GP path: *Windows Components\Windows Installer*
@@ -972,7 +972,7 @@ ADMX Info:
-**ADMX_MSI/MSI_DisableUserInstalls**
+**ADMX_MSI/MSI_DisableUserInstalls**
@@ -1008,7 +1008,7 @@ If you enable this policy setting and "Hide User Installs" is selected, the inst
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit User Installs*
- GP name: *MSI_DisableUserInstalls*
- GP path: *Windows Components\Windows Installer*
@@ -1021,7 +1021,7 @@ ADMX Info:
-**ADMX_MSI/MSI_EnforceUpgradeComponentRules**
+**ADMX_MSI/MSI_EnforceUpgradeComponentRules**
@@ -1063,7 +1063,7 @@ If you disable or don't configure this policy setting, the Windows Installer wil
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enforce upgrade component rules*
- GP name: *MSI_EnforceUpgradeComponentRules*
- GP path: *Windows Components\Windows Installer*
@@ -1075,7 +1075,7 @@ ADMX Info:
-**ADMX_MSI/MSI_MaxPatchCacheSize**
+**ADMX_MSI/MSI_MaxPatchCacheSize**
@@ -1117,7 +1117,7 @@ If you disable or don't configure this policy setting, the Windows Installer wil
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control maximum size of baseline file cache*
- GP name: *MSI_MaxPatchCacheSize*
- GP path: *Windows Components\Windows Installer*
@@ -1129,7 +1129,7 @@ ADMX Info:
-**ADMX_MSI/MsiDisableEmbeddedUI**
+**ADMX_MSI/MsiDisableEmbeddedUI**
@@ -1165,7 +1165,7 @@ If you disable or don't configure this policy setting, embedded UI is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent embedded UI*
- GP name: *MsiDisableEmbeddedUI*
- GP path: *Windows Components\Windows Installer*
@@ -1177,7 +1177,7 @@ ADMX Info:
-**ADMX_MSI/SafeForScripting**
+**ADMX_MSI/SafeForScripting**
@@ -1215,7 +1215,7 @@ This policy setting is designed for enterprises that use Web-based tools to dist
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent Internet Explorer security prompt for Windows Installer scripts*
- GP name: *SafeForScripting*
- GP path: *Windows Components\Windows Installer*
@@ -1227,7 +1227,7 @@ ADMX Info:
-**ADMX_MSI/SearchOrder**
+**ADMX_MSI/SearchOrder**
@@ -1269,7 +1269,7 @@ To exclude a file source, omit or delete the letter representing that source typ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the order in which Windows Installer searches for installation files*
- GP name: *SearchOrder*
- GP path: *Windows Components\Windows Installer*
@@ -1281,7 +1281,7 @@ ADMX Info:
-**ADMX_MSI/TransformsSecure**
+**ADMX_MSI/TransformsSecure**
@@ -1323,7 +1323,7 @@ If you disable this policy setting, Windows Installer stores transform files in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Save copies of transform files in a secure location on workstation*
- GP name: *TransformsSecure*
- GP path: *Windows Components\Windows Installer*
diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
index b1d046c306..12ddc63f8c 100644
--- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_MsiFileRecovery.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/20/2021
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_MsiFileRecovery
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MsiFileRecovery policies
+## ADMX_MsiFileRecovery policies
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy**
+**ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy**
@@ -61,21 +61,21 @@ manager: aaroncz
-This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states:
+This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states:
- Prompt for Resolution: Detection, troubleshooting, and recovery of corrupted MSI applications will be turned on. Windows will prompt the user with a dialog-box when application reinstallation is required.
-This behavior is the default recovery behavior on Windows client.
+This behavior is the default recovery behavior on Windows client.
-- Silent: Detection, troubleshooting, and notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest the application that should be reinstalled. This behavior is recommended for headless operation and is the default recovery behavior on Windows server.
+- Silent: Detection, troubleshooting, and notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest the application that should be reinstalled. This behavior is recommended for headless operation and is the default recovery behavior on Windows server.
-- Troubleshooting Only: Detection and verification of file corruption will be performed without UI.
-Recovery isn't attempted.
+- Troubleshooting Only: Detection and verification of file corruption will be performed without UI.
+Recovery isn't attempted.
-- If you enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client), Silent (default on Windows server), or Troubleshooting Only.
+- If you enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client), Silent (default on Windows server), or Troubleshooting Only.
-- If you disable this policy setting, the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted.
+- If you disable this policy setting, the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted.
-If you don't configure this policy setting, the recovery behavior for corrupted files will be set to the default recovery behavior. No system or service restarts are required for changes to this policy setting to take immediate effect after a Group Policy refresh.
+If you don't configure this policy setting, the recovery behavior for corrupted files will be set to the default recovery behavior. No system or service restarts are required for changes to this policy setting to take immediate effect after a Group Policy refresh.
> [!NOTE]
> This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
@@ -84,7 +84,7 @@ If you don't configure this policy setting, the recovery behavior for corrupted
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure MSI Corrupted File Recovery behavior*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\MSI Corrupted File Recovery*
diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md
index 7bfd8617d3..a2a46c2c76 100644
--- a/windows/client-management/mdm/policy-csp-admx-nca.md
+++ b/windows/client-management/mdm/policy-csp-admx-nca.md
@@ -4,8 +4,8 @@ description: Policy CSP - ADMX_nca
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/14/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_nca
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_nca policies
+## ADMX_nca policies
@@ -56,7 +56,7 @@ manager: aaroncz
-**ADMX_nca/CorporateResources**
+**ADMX_nca/CorporateResources**
@@ -82,11 +82,11 @@ manager: aaroncz
-This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource.
+This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource.
-Each string can be one of the following types:
+Each string can be one of the following types:
-- A DNS name or IPv6 address that NCA pings. The syntax is “PING:” followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com or PING:2002:836b:1::1.
+- A DNS name or IPv6 address that NCA pings. The syntax is “PING:” followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com or PING:2002:836b:1::1.
> [!NOTE]
> We recommend that you use FQDNs instead of IPv6 addresses wherever possible.
@@ -102,7 +102,7 @@ You must configure this setting to have complete NCA functionality.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Corporate Resources*
- GP name: *CorporateResources*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -113,7 +113,7 @@ ADMX Info:
-**ADMX_nca/CustomCommands**
+**ADMX_nca/CustomCommands**
@@ -145,7 +145,7 @@ This policy setting specifies commands configured by the administrator for custo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom Commands*
- GP name: *CustomCommands*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -156,7 +156,7 @@ ADMX Info:
-**ADMX_nca/DTEs**
+**ADMX_nca/DTEs**
@@ -182,7 +182,7 @@ ADMX Info:
-This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints.
+This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints.
By default, NCA uses the same DirectAccess server that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one endpoint for each tunnel.
@@ -194,7 +194,7 @@ You must configure this setting to have complete NCA functionality.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IPsec Tunnel Endpoints*
- GP name: *DTEs*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -205,7 +205,7 @@ ADMX Info:
-**ADMX_nca/FriendlyName**
+**ADMX_nca/FriendlyName**
@@ -239,7 +239,7 @@ If this setting isn't configured, the string that appears for DirectAccess conne
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Friendly Name*
- GP name: *FriendlyName*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -250,7 +250,7 @@ ADMX Info:
-**ADMX_nca/LocalNamesOn**
+**ADMX_nca/LocalNamesOn**
@@ -293,7 +293,7 @@ If this setting isn't configured, users don't have Connect or Disconnect options
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prefer Local Names Allowed*
- GP name: *LocalNamesOn*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -304,7 +304,7 @@ ADMX Info:
-**ADMX_nca/PassiveMode**
+**ADMX_nca/PassiveMode**
@@ -337,7 +337,7 @@ Set this policy setting to Disabled to keep NCA probing actively all the time. I
-ADMX Info:
+ADMX Info:
- GP Friendly name: *DirectAccess Passive Mode*
- GP name: *PassiveMode*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -348,7 +348,7 @@ ADMX Info:
-**ADMX_nca/ShowUI**
+**ADMX_nca/ShowUI**
@@ -376,7 +376,7 @@ ADMX Info:
This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.
-Set this policy setting to Disabled to prevent user confusion when you're just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access.
+Set this policy setting to Disabled to prevent user confusion when you're just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access.
If this setting isn't configured, the entry for DirectAccess connectivity appears.
@@ -384,7 +384,7 @@ If this setting isn't configured, the entry for DirectAccess connectivity appear
-ADMX Info:
+ADMX Info:
- GP Friendly name: *User Interface*
- GP name: *ShowUI*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -395,7 +395,7 @@ ADMX Info:
-**ADMX_nca/SupportEmail**
+**ADMX_nca/SupportEmail**
@@ -421,7 +421,7 @@ ADMX Info:
-This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator.
+This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator.
When the user sends the log files to the Administrator, NCA uses the default e-mail client to open a new message with the support email address in the To: field of the message, then attaches the generated log files as a .html file. The user can review the message and add additional information before sending the message.
@@ -429,7 +429,7 @@ When the user sends the log files to the Administrator, NCA uses the default e-m
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Support Email Address*
- GP name: *SupportEmail*
- GP path: *Network\DirectAccess Client Experience Settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md
index ddb9baa7e7..852728fcd1 100644
--- a/windows/client-management/mdm/policy-csp-admx-ncsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_NCSI.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/14/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_NCSI
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_NCSI policies
+## ADMX_NCSI policies
@@ -54,7 +54,7 @@ manager: aaroncz
-**ADMX_NCSI/NCSI_CorpDnsProbeContent**
+**ADMX_NCSI/NCSI_CorpDnsProbeContent**
@@ -85,7 +85,7 @@ This policy setting enables you to specify the expected address of the host name
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify corporate DNS probe host address*
- GP name: *NCSI_CorpDnsProbeContent*
- GP path: *Network\Network Connectivity Status Indicator*
@@ -96,7 +96,7 @@ ADMX Info:
-**ADMX_NCSI/NCSI_CorpDnsProbeHost**
+**ADMX_NCSI/NCSI_CorpDnsProbeHost**
@@ -128,7 +128,7 @@ This policy setting enables you to specify the host name of a computer known to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify corporate DNS probe host name*
- GP name: *NCSI_CorpDnsProbeHost*
- GP path: *Network\Network Connectivity Status Indicator*
@@ -139,7 +139,7 @@ ADMX Info:
-**ADMX_NCSI/NCSI_CorpSitePrefixes**
+**ADMX_NCSI/NCSI_CorpSitePrefixes**
@@ -171,7 +171,7 @@ This policy setting enables you to specify the list of IPv6 corporate site prefi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify corporate site prefix list*
- GP name: *NCSI_CorpSitePrefixes*
- GP path: *Network\Network Connectivity Status Indicator*
@@ -182,7 +182,7 @@ ADMX Info:
-**ADMX_NCSI/NCSI_CorpWebProbeUrl**
+**ADMX_NCSI/NCSI_CorpWebProbeUrl**
@@ -214,7 +214,7 @@ This policy setting enables you to specify the URL of the corporate website, aga
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify corporate Website probe URL*
- GP name: *NCSI_CorpWebProbeUrl*
- GP path: *Network\Network Connectivity Status Indicator*
@@ -228,7 +228,7 @@ ADMX Info:
-**ADMX_NCSI/NCSI_DomainLocationDeterminationUrl**
+**ADMX_NCSI/NCSI_DomainLocationDeterminationUrl**
@@ -260,7 +260,7 @@ This policy setting enables you to specify the HTTPS URL of the corporate websit
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify domain location determination URL*
- GP name: *NCSI_DomainLocationDeterminationUrl*
- GP path: *Network\Network Connectivity Status Indicator*
@@ -271,7 +271,7 @@ ADMX Info:
-**ADMX_NCSI/NCSI_GlobalDns**
+**ADMX_NCSI/NCSI_GlobalDns**
@@ -303,7 +303,7 @@ This policy setting enables you to specify DNS binding behavior. NCSI by default
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify global DNS*
- GP name: *NCSI_GlobalDns*
- GP path: *Network\Network Connectivity Status Indicator*
@@ -314,7 +314,7 @@ ADMX Info:
-**ADMX_NCSI/NCSI_PassivePolling**
+**ADMX_NCSI/NCSI_PassivePolling**
@@ -346,7 +346,7 @@ This Policy setting enables you to specify passive polling behavior. NCSI polls
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify passive polling*
- GP name: *NCSI_PassivePolling*
- GP path: *Network\Network Connectivity Status Indicator*
diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md
index 119133aa16..22d8f1fe5a 100644
--- a/windows/client-management/mdm/policy-csp-admx-netlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Netlogon.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/15/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_Netlogon
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Netlogon policies
+## ADMX_Netlogon policies
@@ -138,7 +138,7 @@ manager: aaroncz
-**ADMX_Netlogon/Netlogon_AddressLookupOnPingBehavior**
+**ADMX_Netlogon/Netlogon_AddressLookupOnPingBehavior**
@@ -182,7 +182,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify address lookup behavior for DC locator ping*
- GP name: *Netlogon_AddressLookupOnPingBehavior*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -193,7 +193,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AddressTypeReturned**
+**ADMX_Netlogon/Netlogon_AddressTypeReturned**
@@ -232,7 +232,7 @@ If you don't configure this policy setting, DC Locator APIs can return IPv4/IPv6
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Return domain controller address type*
- GP name: *Netlogon_AddressTypeReturned*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -245,7 +245,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AllowDnsSuffixSearch**
+**ADMX_Netlogon/Netlogon_AllowDnsSuffixSearch**
@@ -283,7 +283,7 @@ If you disable this policy setting, when the `AllowSingleLabelDnsDomain` policy
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.*
- GP name: *Netlogon_AllowDnsSuffixSearch*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -296,7 +296,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AllowNT4Crypto**
+**ADMX_Netlogon/Netlogon_AllowNT4Crypto**
@@ -325,10 +325,10 @@ ADMX Info:
This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier aren't as secure as newer algorithms used in Windows 2000 or later, including this version of Windows.
By default, Net Logon won't allow the older cryptography algorithms to be used and won't include them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 won't be able to establish a connection to this domain controller.
-
+
If you enable this policy setting, Net Logon will allow the negotiation and use of older cryptography algorithms compatible with Windows NT 4.0. However, using the older algorithms represents a potential security risk.
-If you disable this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms.
+If you disable this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms.
If you don't configure this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms.
@@ -336,7 +336,7 @@ If you don't configure this policy setting, Net Logon won't allow the negotiatio
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow cryptography algorithms compatible with Windows NT 4.0*
- GP name: *Netlogon_AllowNT4Crypto*
- GP path: *System\Net Logon*
@@ -349,7 +349,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AllowSingleLabelDnsDomain**
+**ADMX_Netlogon/Netlogon_AllowSingleLabelDnsDomain**
@@ -389,7 +389,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC*
- GP name: *Netlogon_AllowSingleLabelDnsDomain*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -402,7 +402,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AutoSiteCoverage**
+**ADMX_Netlogon/Netlogon_AutoSiteCoverage**
@@ -440,7 +440,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use automated site coverage by the DC Locator DNS SRV Records*
- GP name: *Netlogon_AutoSiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -453,7 +453,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AvoidFallbackNetbiosDiscovery**
+**ADMX_Netlogon/Netlogon_AvoidFallbackNetbiosDiscovery**
@@ -494,7 +494,7 @@ If you disable this policy setting, the DC location algorithm can use NetBIOS-ba
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails*
- GP name: *Netlogon_AvoidFallbackNetbiosDiscovery*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -507,7 +507,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AvoidPdcOnWan**
+**ADMX_Netlogon/Netlogon_AvoidPdcOnWan**
@@ -539,7 +539,7 @@ Contacting the PDC emulator is useful in case the client’s password was recent
If you enable this policy setting, the DCs to which this policy setting applies will attempt to verify a password with the PDC emulator if the DC fails to validate the password.
-If you disable this policy setting, the DCs won't attempt to verify any passwords with the PDC emulator.
+If you disable this policy setting, the DCs won't attempt to verify any passwords with the PDC emulator.
If you don't configure this policy setting, it isn't applied to any DCs.
@@ -547,7 +547,7 @@ If you don't configure this policy setting, it isn't applied to any DCs.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Contact PDC on logon failure*
- GP name: *Netlogon_AvoidPdcOnWan*
- GP path: *System\Net Logon*
@@ -560,7 +560,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_BackgroundRetryInitialPeriod**
+**ADMX_Netlogon/Netlogon_BackgroundRetryInitialPeriod**
@@ -588,7 +588,7 @@ ADMX Info:
This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.
-The default value for this setting is 10 minutes (10*60).
+The default value for this setting is 10 minutes (10*60).
The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.
@@ -603,7 +603,7 @@ If the value of this setting is less than the value specified in the NegativeCac
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use initial DC discovery retry setting for background callers*
- GP name: *Netlogon_BackgroundRetryInitialPeriod*
- GP path: *System\Net Logon*
@@ -616,7 +616,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_BackgroundRetryMaximumPeriod**
+**ADMX_Netlogon/Netlogon_BackgroundRetryMaximumPeriod**
@@ -661,7 +661,7 @@ If the value for this setting is too small and the DC isn't available, the frequ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use maximum DC discovery retry interval setting for background callers*
- GP name: *Netlogon_BackgroundRetryMaximumPeriod*
- GP path: *System\Net Logon*
@@ -674,7 +674,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_BackgroundRetryQuitTime**
+**ADMX_Netlogon/Netlogon_BackgroundRetryQuitTime**
@@ -711,7 +711,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use final DC discovery retry setting for background callers*
- GP name: *Netlogon_BackgroundRetryQuitTime*
- GP path: *System\Net Logon*
@@ -724,7 +724,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_BackgroundSuccessfulRefreshPeriod**
+**ADMX_Netlogon/Netlogon_BackgroundSuccessfulRefreshPeriod**
@@ -756,7 +756,7 @@ This policy setting determines when a successful DC cache entry is refreshed. Th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use positive periodic DC cache refresh for background callers*
- GP name: *Netlogon_BackgroundSuccessfulRefreshPeriod*
- GP path: *System\Net Logon*
@@ -769,7 +769,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_DebugFlag**
+**ADMX_Netlogon/Netlogon_DebugFlag**
@@ -809,7 +809,7 @@ If you disable this policy setting or don't configure it, the default behavior o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify log file debug output level*
- GP name: *Netlogon_DebugFlag*
- GP path: *System\Net Logon*
@@ -822,7 +822,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_DnsAvoidRegisterRecords**
+**ADMX_Netlogon/Netlogon_DnsAvoidRegisterRecords**
@@ -876,7 +876,7 @@ Select the mnemonics from the following table:
|GenericGcAtSite|SRV|_gc._tcp.``._sites.``|
|Rfc1510UdpKdc|SRV|_kerberos._udp.``|
|Rfc1510Kpwd|SRV|_kpasswd._tcp.``|
-|Rfc1510UdpKpwd|SRV|_kpasswd._udp.``|
+|Rfc1510UdpKpwd|SRV|_kpasswd._udp.``|
If you disable this policy setting, DCs configured to perform dynamic registration of DC Locator DNS records register all DC Locator DNS resource records.
@@ -886,7 +886,7 @@ If you don't configure this policy setting, DCs use their local configuration.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify DC Locator DNS records not registered by the DCs*
- GP name: *Netlogon_DnsAvoidRegisterRecords*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -899,7 +899,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_DnsRefreshInterval**
+**ADMX_Netlogon/Netlogon_DnsRefreshInterval**
@@ -940,7 +940,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify Refresh Interval of the DC Locator DNS records*
- GP name: *Netlogon_DnsRefreshInterval*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -953,7 +953,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_DnsSrvRecordUseLowerCaseHostNames**
+**ADMX_Netlogon/Netlogon_DnsSrvRecordUseLowerCaseHostNames**
@@ -994,7 +994,7 @@ A reboot isn't required for changes to this setting to take effect.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use lowercase DNS host names when registering domain controller SRV records*
- GP name: *Netlogon_DnsSrvRecordUseLowerCaseHostNames*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1007,7 +1007,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_DnsTtl**
+**ADMX_Netlogon/Netlogon_DnsTtl**
@@ -1042,7 +1042,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set TTL in the DC Locator DNS Records*
- GP name: *Netlogon_DnsTtl*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1055,7 +1055,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_ExpectedDialupDelay**
+**ADMX_Netlogon/Netlogon_ExpectedDialupDelay**
@@ -1091,7 +1091,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify expected dial-up delay on logon*
- GP name: *Netlogon_ExpectedDialupDelay*
- GP path: *System\Net Logon*
@@ -1104,7 +1104,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_ForceRediscoveryInterval**
+**ADMX_Netlogon/Netlogon_ForceRediscoveryInterval**
@@ -1144,7 +1144,7 @@ If you don't configure this policy setting, Force Rediscovery will be used by de
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force Rediscovery Interval*
- GP name: *Netlogon_ForceRediscoveryInterval*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1157,7 +1157,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_GcSiteCoverage**
+**ADMX_Netlogon/Netlogon_GcSiteCoverage**
@@ -1183,7 +1183,7 @@ ADMX Info:
-This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. The records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it.
+This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. The records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it.
The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory.
@@ -1195,7 +1195,7 @@ If you don't configure this policy setting, it isn't applied to any GCs, and GCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify sites covered by the GC Locator DNS SRV Records*
- GP name: *Netlogon_GcSiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1208,7 +1208,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_IgnoreIncomingMailslotMessages**
+**ADMX_Netlogon/Netlogon_IgnoreIncomingMailslotMessages**
@@ -1249,7 +1249,7 @@ If you disable or don't configure this policy setting, this DC processes incomin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names*
- GP name: *Netlogon_IgnoreIncomingMailslotMessages*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1262,7 +1262,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_LdapSrvPriority**
+**ADMX_Netlogon/Netlogon_LdapSrvPriority**
@@ -1300,7 +1300,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Priority in the DC Locator DNS SRV records*
- GP name: *Netlogon_LdapSrvPriority*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1313,7 +1313,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_LdapSrvWeight**
+**ADMX_Netlogon/Netlogon_LdapSrvWeight**
@@ -1351,7 +1351,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Weight in the DC Locator DNS SRV records*
- GP name: *Netlogon_LdapSrvWeight*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1364,7 +1364,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_MaximumLogFileSize**
+**ADMX_Netlogon/Netlogon_MaximumLogFileSize**
@@ -1400,7 +1400,7 @@ If you disable or don't configure this policy setting, the default behavior occu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify maximum log file size*
- GP name: *Netlogon_MaximumLogFileSize*
- GP path: *System\Net Logon*
@@ -1413,7 +1413,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_NdncSiteCoverage**
+**ADMX_Netlogon/Netlogon_NdncSiteCoverage**
@@ -1439,7 +1439,7 @@ ADMX Info:
-This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.
+This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.
The application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.
@@ -1451,7 +1451,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify sites covered by the application directory partition DC Locator DNS SRV records*
- GP name: *Netlogon_NdncSiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1464,7 +1464,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_NegativeCachePeriod**
+**ADMX_Netlogon/Netlogon_NegativeCachePeriod**
@@ -1501,7 +1501,7 @@ The default value for this setting is 45 seconds. The maximum value for this set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify negative DC Discovery cache setting*
- GP name: *Netlogon_NegativeCachePeriod*
- GP path: *System\Net Logon*
@@ -1514,7 +1514,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_NetlogonShareCompatibilityMode**
+**ADMX_Netlogon/Netlogon_NetlogonShareCompatibilityMode**
@@ -1557,7 +1557,7 @@ If you enable this policy setting, domain administrators should ensure that the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Netlogon share compatibility*
- GP name: *Netlogon_NetlogonShareCompatibilityMode*
- GP path: *System\Net Logon*
@@ -1570,7 +1570,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_NonBackgroundSuccessfulRefreshPeriod**
+**ADMX_Netlogon/Netlogon_NonBackgroundSuccessfulRefreshPeriod**
@@ -1604,7 +1604,7 @@ The default value for this setting is 30 minutes (1800). The maximum value for t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify positive periodic DC Cache refresh for non-background callers*
- GP name: *Netlogon_NonBackgroundSuccessfulRefreshPeriod*
- GP path: *System\Net Logon*
@@ -1617,7 +1617,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_PingUrgencyMode**
+**ADMX_Netlogon/Netlogon_PingUrgencyMode**
@@ -1660,7 +1660,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use urgent mode when pinging domain controllers*
- GP name: *Netlogon_PingUrgencyMode*
- GP path: *System\Net Logon*
@@ -1673,7 +1673,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_ScavengeInterval**
+**ADMX_Netlogon/Netlogon_ScavengeInterval**
@@ -1715,7 +1715,7 @@ To enable the setting, click Enabled, and then specify the interval in seconds.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set scavenge interval*
- GP name: *Netlogon_ScavengeInterval*
- GP path: *System\Net Logon*
@@ -1728,7 +1728,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_SiteCoverage**
+**ADMX_Netlogon/Netlogon_SiteCoverage**
@@ -1754,7 +1754,7 @@ ADMX Info:
-This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.
+This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.
The DC Locator DNS records are dynamically registered by the Net Logon service, and they're used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.
@@ -1766,7 +1766,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify sites covered by the DC Locator DNS SRV records*
- GP name: *Netlogon_SiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1779,7 +1779,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_SiteName**
+**ADMX_Netlogon/Netlogon_SiteName**
@@ -1817,7 +1817,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify site name*
- GP name: *Netlogon_SiteName*
- GP path: *System\Net Logon*
@@ -1830,7 +1830,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode**
+**ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode**
@@ -1873,7 +1873,7 @@ If you enable this policy setting, domain administrators should ensure that the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set SYSVOL share compatibility*
- GP name: *Netlogon_SysvolShareCompatibilityMode*
- GP path: *System\Net Logon*
@@ -1886,7 +1886,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_TryNextClosestSite**
+**ADMX_Netlogon/Netlogon_TryNextClosestSite**
@@ -1914,7 +1914,7 @@ ADMX Info:
This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site isn't found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively.
-The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none is found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost.
+The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none is found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost.
If you enable this policy setting, Try Next Closest Site DC Location will be turned on for the computer.
@@ -1926,7 +1926,7 @@ If you don't configure this policy setting, Try Next Closest Site DC Location wo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Try Next Closest Site*
- GP name: *Netlogon_TryNextClosestSite*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1939,7 +1939,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_UseDynamicDns**
+**ADMX_Netlogon/Netlogon_UseDynamicDns**
@@ -1977,7 +1977,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify dynamic registration of the DC Locator DNS Records*
- GP name: *Netlogon_UseDynamicDns*
- GP path: *System\Net Logon\DC Locator DNS Records*
diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
index 178901d5b6..c027b216d6 100644
--- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md
+++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_NetworkConnections.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 10/21/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_NetworkConnections
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_NetworkConnections policies
+## ADMX_NetworkConnections policies
@@ -114,7 +114,7 @@ manager: aaroncz
-**ADMX_NetworkConnections/NC_AddRemoveComponents**
+**ADMX_NetworkConnections/NC_AddRemoveComponents**
@@ -161,7 +161,7 @@ The Install and Uninstall buttons appear in the properties dialog box for connec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit adding and removing components for a LAN or remote access connection*
- GP name: *NC_AddRemoveComponents*
- GP path: *Network\Network Connections*
@@ -172,7 +172,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_AdvancedSettings**
+**ADMX_NetworkConnections/NC_AdvancedSettings**
@@ -215,7 +215,7 @@ If you disable this setting or don't configure it, the Advanced Settings item is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to the Advanced Settings item on the Advanced menu*
- GP name: *NC_AdvancedSettings*
- GP path: *Network\Network Connections*
@@ -226,7 +226,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig**
+**ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig**
@@ -274,7 +274,7 @@ Changing this setting from Enabled to Not Configured doesn't enable the Advanced
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit TCP/IP advanced configuration*
- GP name: *NC_AllowAdvancedTCPIPConfig*
- GP path: *Network\Network Connections*
@@ -285,7 +285,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_ChangeBindState**
+**ADMX_NetworkConnections/NC_ChangeBindState**
@@ -328,7 +328,7 @@ If you disable this setting or don't configure it, the Properties dialog box for
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit Enabling/Disabling components of a LAN connection*
- GP name: *NC_ChangeBindState*
- GP path: *Network\Network Connections*
@@ -339,7 +339,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_DeleteAllUserConnection**
+**ADMX_NetworkConnections/NC_DeleteAllUserConnection**
@@ -381,14 +381,14 @@ When enabled, the "Prohibit deletion of remote access connections" setting takes
> [!NOTE]
> LAN connections are created and deleted automatically by the system when a LAN adapter is installed or removed. You can't use the Network Connections folder to create or delete a LAN connection.
->
+>
> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ability to delete all user remote access connections*
- GP name: *NC_DeleteAllUserConnection*
- GP path: *Network\Network Connections*
@@ -399,7 +399,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_DeleteConnection**
+**ADMX_NetworkConnections/NC_DeleteConnection**
@@ -439,14 +439,14 @@ When enabled, this setting takes precedence over the "Ability to delete all user
> LAN connections are created and deleted automatically when a LAN adapter is installed or removed. You can't use the Network Connections folder to create or delete a LAN connection.
>
> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
->
+>
> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit deletion of remote access connections*
- GP name: *NC_DeleteConnection*
- GP path: *Network\Network Connections*
@@ -457,7 +457,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_DialupPrefs**
+**ADMX_NetworkConnections/NC_DialupPrefs**
@@ -497,7 +497,7 @@ If you disable this setting or don't configure it, the Remote Access Preferences
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to the Remote Access Preferences item on the Advanced menu*
- GP name: *NC_DialupPrefs*
- GP path: *Network\Network Connections*
@@ -508,7 +508,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon**
+**ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon**
@@ -544,7 +544,7 @@ If you disable this setting or don't configure it, the "local access only" icon
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not show the "local access only" network icon*
- GP name: *NC_DoNotShowLocalOnlyIcon*
- GP path: *Network\Network Connections*
@@ -555,7 +555,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_EnableAdminProhibits**
+**ADMX_NetworkConnections/NC_EnableAdminProhibits**
@@ -597,7 +597,7 @@ If you disable this setting or don't configure it, Windows settings that existed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Windows 2000 Network Connections settings for Administrators*
- GP name: *NC_EnableAdminProhibits*
- GP path: *Network\Network Connections*
@@ -608,7 +608,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_ForceTunneling**
+**ADMX_NetworkConnections/NC_ForceTunneling**
@@ -648,7 +648,7 @@ If you don't configure this policy setting, traffic between remote client comput
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Route all traffic through the internal network*
- GP name: *NC_ForceTunneling*
- GP path: *Network\Network Connections*
@@ -659,7 +659,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_IpStateChecking**
+**ADMX_NetworkConnections/NC_IpStateChecking**
@@ -695,7 +695,7 @@ If you disable or don't configure this policy setting, a DHCP-configured connect
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off notifications when a connection has only limited or no connectivity*
- GP name: *NC_IpStateChecking*
- GP path: *Network\Network Connections*
@@ -706,7 +706,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_LanChangeProperties**
+**ADMX_NetworkConnections/NC_LanChangeProperties**
@@ -757,7 +757,7 @@ The Local Area Connection Properties dialog box includes a list of the network c
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to properties of components of a LAN connection*
- GP name: *NC_LanChangeProperties*
- GP path: *Network\Network Connections*
@@ -768,7 +768,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_LanConnect**
+**ADMX_NetworkConnections/NC_LanConnect**
@@ -811,7 +811,7 @@ If you don't configure this setting, only Administrators and Network Configurati
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ability to Enable/Disable a LAN connection*
- GP name: *NC_LanConnect*
- GP path: *Network\Network Connections*
@@ -822,7 +822,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_LanProperties**
+**ADMX_NetworkConnections/NC_LanProperties**
@@ -867,7 +867,7 @@ If you disable this setting or don't configure it, a Properties menu item appear
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to properties of a LAN connection*
- GP name: *NC_LanProperties*
- GP path: *Network\Network Connections*
@@ -878,7 +878,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_NewConnectionWizard**
+**ADMX_NetworkConnections/NC_NewConnectionWizard**
@@ -921,7 +921,7 @@ If you disable this setting or don't configure it, the Make New Connection icon
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to the New Connection Wizard*
- GP name: *NC_NewConnectionWizard*
- GP path: *Network\Network Connections*
@@ -932,7 +932,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_PersonalFirewallConfig**
+**ADMX_NetworkConnections/NC_PersonalFirewallConfig**
@@ -977,7 +977,7 @@ If you disable this setting or don't configure it, the Internet Connection Firew
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit use of Internet Connection Firewall on your DNS domain network*
- GP name: *NC_PersonalFirewallConfig*
- GP path: *Network\Network Connections*
@@ -988,7 +988,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RasAllUserProperties**
+**ADMX_NetworkConnections/NC_RasAllUserProperties**
@@ -1030,14 +1030,14 @@ If you don't configure this setting, only Administrators and Network Configurati
> [!NOTE]
> This setting takes precedence over settings that manipulate the availability of features inside the Remote Access Connection Properties dialog box. If this setting is disabled, nothing within the properties dialog box for a remote access connection will be available to users.
->
+>
> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ability to change properties of an all user remote access connection*
- GP name: *NC_RasAllUserProperties*
- GP path: *Network\Network Connections*
@@ -1048,7 +1048,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RasChangeProperties**
+**ADMX_NetworkConnections/NC_RasChangeProperties**
@@ -1097,7 +1097,7 @@ The Networking tab of the Remote Access Connection Properties dialog box include
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to properties of components of a remote access connection*
- GP name: *NC_RasChangeProperties*
- GP path: *Network\Network Connections*
@@ -1108,7 +1108,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RasConnect**
+**ADMX_NetworkConnections/NC_RasConnect**
@@ -1146,7 +1146,7 @@ If you disable this setting or don't configure it, the Connect and Disconnect op
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit connecting and disconnecting a remote access connection*
- GP name: *NC_RasConnect*
- GP path: *Network\Network Connections*
@@ -1157,7 +1157,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RasMyProperties**
+**ADMX_NetworkConnections/NC_RasMyProperties**
@@ -1204,7 +1204,7 @@ If you disable this setting or don't configure it, a Properties menu item appear
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit changing properties of a private remote access connection*
- GP name: *NC_RasMyProperties*
- GP path: *Network\Network Connections*
@@ -1215,7 +1215,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RenameAllUserRasConnection**
+**ADMX_NetworkConnections/NC_RenameAllUserRasConnection**
@@ -1262,7 +1262,7 @@ This setting doesn't prevent users from using other programs, such as Internet E
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ability to rename all user remote access connections*
- GP name: *NC_RenameAllUserRasConnection*
- GP path: *Network\Network Connections*
@@ -1273,7 +1273,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RenameConnection**
+**ADMX_NetworkConnections/NC_RenameConnection**
@@ -1318,7 +1318,7 @@ If this setting isn't configured, only Administrators and Network Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ability to rename LAN connections or remote access connections available to all users*
- GP name: *NC_RenameConnection*
- GP path: *Network\Network Connections*
@@ -1329,7 +1329,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RenameLanConnection**
+**ADMX_NetworkConnections/NC_RenameLanConnection**
@@ -1372,7 +1372,7 @@ When the "Ability to rename LAN connections or remote access connections availab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ability to rename LAN connections*
- GP name: *NC_RenameLanConnection*
- GP path: *Network\Network Connections*
@@ -1383,7 +1383,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RenameMyRasConnection**
+**ADMX_NetworkConnections/NC_RenameMyRasConnection**
@@ -1426,7 +1426,7 @@ If you disable this setting or don't configure it, the Rename option is enabled
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit renaming private remote access connections*
- GP name: *NC_RenameMyRasConnection*
- GP path: *Network\Network Connections*
@@ -1437,7 +1437,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_ShowSharedAccessUI**
+**ADMX_NetworkConnections/NC_ShowSharedAccessUI**
@@ -1469,7 +1469,7 @@ ICS lets administrators configure their system as an Internet gateway for a smal
If you enable this setting, ICS can't be enabled or configured by administrators, and the ICS service can't run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled.
-If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard.
+If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard.
By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When administrators are running the New Connection Wizard or Network Setup Wizard, they can choose to enable ICS.
@@ -1486,7 +1486,7 @@ Disabling this setting doesn't prevent Wireless Hosted Networking from using the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit use of Internet Connection Sharing on your DNS domain network*
- GP name: *NC_ShowSharedAccessUI*
- GP path: *Network\Network Connections*
@@ -1497,7 +1497,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_Statistics**
+**ADMX_NetworkConnections/NC_Statistics**
@@ -1537,7 +1537,7 @@ If you disable this setting or don't configure it, the connection status taskbar
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit viewing of status for an active connection*
- GP name: *NC_Statistics*
- GP path: *Network\Network Connections*
@@ -1548,7 +1548,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_StdDomainUserSetLocation**
+**ADMX_NetworkConnections/NC_StdDomainUserSetLocation**
@@ -1584,7 +1584,7 @@ If you disable or don't configure this policy setting, domain users can set a ne
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Require domain users to elevate when setting a network's location*
- GP name: *NC_StdDomainUserSetLocation*
- GP path: *Network\Network Connections*
diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
index efc0936d36..3105a17fd2 100644
--- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_OfflineFiles.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/21/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_OfflineFiles
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_OfflineFiles policies
+## ADMX_OfflineFiles policies
@@ -171,7 +171,7 @@ manager: aaroncz
-**ADMX_OfflineFiles/Pol_AlwaysPinSubFolders**
+**ADMX_OfflineFiles/Pol_AlwaysPinSubFolders**
@@ -209,7 +209,7 @@ If you disable this setting or don't configure it, the system asks users whether
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Subfolders always available offline*
- GP name: *Pol_AlwaysPinSubFolders*
- GP path: *Network\Offline Files*
@@ -220,7 +220,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_AssignedOfflineFiles_1**
+**ADMX_OfflineFiles/Pol_AssignedOfflineFiles_1**
@@ -261,7 +261,7 @@ If you don't configure this policy setting, no files or folders are made availab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify administratively assigned Offline Files*
- GP name: *Pol_AssignedOfflineFiles_1*
- GP path: *Network\Offline Files*
@@ -272,7 +272,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_AssignedOfflineFiles_2**
+**ADMX_OfflineFiles/Pol_AssignedOfflineFiles_2**
@@ -313,7 +313,7 @@ If you don't configure this policy setting, no files or folders are made availab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify administratively assigned Offline Files*
- GP name: *Pol_AssignedOfflineFiles_2*
- GP path: *Network\Offline Files*
@@ -324,7 +324,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_BackgroundSyncSettings**
+**ADMX_OfflineFiles/Pol_BackgroundSyncSettings**
@@ -362,7 +362,7 @@ If you disable or don't configure this policy setting, Windows performs a backgr
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Background Sync*
- GP name: *Pol_BackgroundSyncSettings*
- GP path: *Network\Offline Files*
@@ -373,7 +373,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_CacheSize**
+**ADMX_OfflineFiles/Pol_CacheSize**
@@ -421,7 +421,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit disk space used by Offline Files*
- GP name: *Pol_CacheSize*
- GP path: *Network\Offline Files*
@@ -432,7 +432,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_CustomGoOfflineActions_1**
+**ADMX_OfflineFiles/Pol_CustomGoOfflineActions_1**
@@ -482,7 +482,7 @@ Also, see the "Non-default server disconnect actions" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Action on server disconnect*
- GP name: *Pol_CustomGoOfflineActions_1*
- GP path: *Network\Offline Files*
@@ -493,7 +493,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_CustomGoOfflineActions_2**
+**ADMX_OfflineFiles/Pol_CustomGoOfflineActions_2**
@@ -525,7 +525,7 @@ This setting also disables the "When a network connection is lost" option on the
If you enable this setting, you can use the "Action" box to specify how computers in the group respond.
-- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
+- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
- "Never go offline" indicates that network files aren't available while the server is inaccessible.
If you disable this setting or select the "Work offline" option, users can work offline if disconnected.
@@ -543,7 +543,7 @@ Also, see the "Non-default server disconnect actions" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Action on server disconnect*
- GP name: *Pol_CustomGoOfflineActions_2*
- GP path: *Network\Offline Files*
@@ -554,7 +554,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_DefCacheSize**
+**ADMX_OfflineFiles/Pol_DefCacheSize**
@@ -601,7 +601,7 @@ If you don't configure this setting, disk space for automatically cached files i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Default cache size*
- GP name: *Pol_DefCacheSize*
- GP path: *Network\Offline Files*
@@ -612,7 +612,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_Enabled**
+**ADMX_OfflineFiles/Pol_Enabled**
@@ -653,7 +653,7 @@ If you don't configure this policy setting, Offline Files is enabled on Windows
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow or Disallow use of the Offline Files feature*
- GP name: *Pol_Enabled*
- GP path: *Network\Offline Files*
@@ -664,7 +664,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_EncryptOfflineFiles**
+**ADMX_OfflineFiles/Pol_EncryptOfflineFiles**
@@ -708,7 +708,7 @@ This setting is applied at user sign-in. If this setting is changed after user s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Encrypt the Offline Files cache*
- GP name: *Pol_EncryptOfflineFiles*
- GP path: *Network\Offline Files*
@@ -719,7 +719,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_EventLoggingLevel_1**
+**ADMX_OfflineFiles/Pol_EventLoggingLevel_1**
@@ -766,7 +766,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event logging level*
- GP name: *Pol_EventLoggingLevel_1*
- GP path: *Network\Offline Files*
@@ -777,7 +777,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_EventLoggingLevel_2**
+**ADMX_OfflineFiles/Pol_EventLoggingLevel_2**
@@ -809,7 +809,7 @@ Offline Files records events in the Application login Event Viewer when it detec
To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels.
-- "0" records an error when the offline storage cache is corrupted.
+- "0" records an error when the offline storage cache is corrupted.
- "1" also records an event when the server hosting the offline file is disconnected from the network.
- "2" also records events when the local computer is connected and disconnected from the network.
- "3" also records an event when the server hosting the offline file is reconnected to the network.
@@ -821,7 +821,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event logging level*
- GP name: *Pol_EventLoggingLevel_2*
- GP path: *Network\Offline Files*
@@ -832,7 +832,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ExclusionListSettings**
+**ADMX_OfflineFiles/Pol_ExclusionListSettings**
@@ -868,7 +868,7 @@ If you disable or don't configure this policy setting, a user can create a file
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable file screens*
- GP name: *Pol_ExclusionListSettings*
- GP path: *Network\Offline Files*
@@ -879,7 +879,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ExtExclusionList**
+**ADMX_OfflineFiles/Pol_ExtExclusionList**
@@ -920,7 +920,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Files not cached*
- GP name: *Pol_ExtExclusionList*
- GP path: *Network\Offline Files*
@@ -931,7 +931,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_GoOfflineAction_1**
+**ADMX_OfflineFiles/Pol_GoOfflineAction_1**
@@ -982,7 +982,7 @@ Also, see the "Non-default server disconnect actions" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Action on server disconnect*
- GP name: *Pol_GoOfflineAction_1*
- GP path: *Network\Offline Files*
@@ -993,7 +993,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_GoOfflineAction_2**
+**ADMX_OfflineFiles/Pol_GoOfflineAction_2**
@@ -1044,7 +1044,7 @@ Also, see the "Non-default server disconnect actions" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Action on server disconnect*
- GP name: *Pol_GoOfflineAction_2*
- GP path: *Network\Offline Files*
@@ -1055,7 +1055,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoCacheViewer_1**
+**ADMX_OfflineFiles/Pol_NoCacheViewer_1**
@@ -1096,7 +1096,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent use of Offline Files folder*
- GP name: *Pol_NoCacheViewer_1*
- GP path: *Network\Offline Files*
@@ -1107,7 +1107,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoCacheViewer_2**
+**ADMX_OfflineFiles/Pol_NoCacheViewer_2**
@@ -1148,7 +1148,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent use of Offline Files folder*
- GP name: *Pol_NoCacheViewer_2*
- GP path: *Network\Offline Files*
@@ -1159,7 +1159,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoConfigCache_1**
+**ADMX_OfflineFiles/Pol_NoConfigCache_1**
@@ -1200,7 +1200,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit user configuration of Offline Files*
- GP name: *Pol_NoConfigCache_1*
- GP path: *Network\Offline Files*
@@ -1211,7 +1211,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoConfigCache_2**
+**ADMX_OfflineFiles/Pol_NoConfigCache_2**
@@ -1252,7 +1252,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit user configuration of Offline Files*
- GP name: *Pol_NoConfigCache_2*
- GP path: *Network\Offline Files*
@@ -1263,7 +1263,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_1**
+**ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_1**
@@ -1303,7 +1303,7 @@ If you disable or don't configure this policy setting, users can manually specif
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Make Available Offline" command*
- GP name: *Pol_NoMakeAvailableOffline_1*
- GP path: *Network\Offline Files*
@@ -1314,7 +1314,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_2**
+**ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_2**
@@ -1354,7 +1354,7 @@ If you disable or don't configure this policy setting, users can manually specif
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Make Available Offline" command*
- GP name: *Pol_NoMakeAvailableOffline_2*
- GP path: *Network\Offline Files*
@@ -1365,7 +1365,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoPinFiles_1**
+**ADMX_OfflineFiles/Pol_NoPinFiles_1**
@@ -1409,7 +1409,7 @@ If you don't configure this policy setting, the "Make Available Offline" command
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Make Available Offline" for these files and folders*
- GP name: *Pol_NoPinFiles_1*
- GP path: *Network\Offline Files*
@@ -1420,7 +1420,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoPinFiles_2**
+**ADMX_OfflineFiles/Pol_NoPinFiles_2**
@@ -1464,7 +1464,7 @@ If you don't configure this policy setting, the "Make Available Offline" command
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Make Available Offline" for these files and folders*
- GP name: *Pol_NoPinFiles_2*
- GP path: *Network\Offline Files*
@@ -1475,7 +1475,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoReminders_1**
+**ADMX_OfflineFiles/Pol_NoReminders_1**
@@ -1522,7 +1522,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off reminder balloons*
- GP name: *Pol_NoReminders_1*
- GP path: *Network\Offline Files*
@@ -1533,7 +1533,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoReminders_2**
+**ADMX_OfflineFiles/Pol_NoReminders_2**
@@ -1580,7 +1580,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off reminder balloons*
- GP name: *Pol_NoReminders_2*
- GP path: *Network\Offline Files*
@@ -1591,7 +1591,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_OnlineCachingSettings**
+**ADMX_OfflineFiles/Pol_OnlineCachingSettings**
@@ -1631,7 +1631,7 @@ If you disable or don't configure this policy setting, remote files won't be tra
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Transparent Caching*
- GP name: *Pol_OnlineCachingSettings*
- GP path: *Network\Offline Files*
@@ -1642,7 +1642,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_AlwaysPinSubFolders**
+**ADMX_OfflineFiles/Pol_AlwaysPinSubFolders**
@@ -1680,7 +1680,7 @@ If you disable this setting or don't configure it, the system asks users whether
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Subfolders always available offline*
- GP name: *Pol_AlwaysPinSubFolders*
- GP path: *Network\Offline Files*
@@ -1691,7 +1691,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_PurgeAtLogoff**
+**ADMX_OfflineFiles/Pol_PurgeAtLogoff**
@@ -1730,7 +1730,7 @@ If you disable this setting or don't configure it, automatically and manually ca
-ADMX Info:
+ADMX Info:
- GP Friendly name: *At logoff, delete local copy of user’s offline files*
- GP name: *Pol_PurgeAtLogoff*
- GP path: *Network\Offline Files*
@@ -1741,7 +1741,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_QuickAdimPin**
+**ADMX_OfflineFiles/Pol_QuickAdimPin**
@@ -1777,7 +1777,7 @@ If you disable this policy setting, all administratively assigned folders are sy
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on economical application of administratively assigned Offline Files*
- GP name: *Pol_QuickAdimPin*
- GP path: *Network\Offline Files*
@@ -1788,7 +1788,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ReminderFreq_1**
+**ADMX_OfflineFiles/Pol_ReminderFreq_1**
@@ -1829,7 +1829,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reminder balloon frequency*
- GP name: *Pol_ReminderFreq_1*
- GP path: *Network\Offline Files*
@@ -1840,7 +1840,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ReminderFreq_2**
+**ADMX_OfflineFiles/Pol_ReminderFreq_2**
@@ -1881,7 +1881,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reminder balloon frequency*
- GP name: *Pol_ReminderFreq_2*
- GP path: *Network\Offline Files*
@@ -1892,7 +1892,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ReminderInitTimeout_1**
+**ADMX_OfflineFiles/Pol_ReminderInitTimeout_1**
@@ -1928,7 +1928,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Initial reminder balloon lifetime*
- GP name: *Pol_ReminderInitTimeout_1*
- GP path: *Network\Offline Files*
@@ -1939,7 +1939,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ReminderInitTimeout_2**
+**ADMX_OfflineFiles/Pol_ReminderInitTimeout_2**
@@ -1975,7 +1975,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Initial reminder balloon lifetime*
- GP name: *Pol_ReminderInitTimeout_2*
- GP path: *Network\Offline Files*
@@ -1986,7 +1986,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ReminderTimeout_1**
+**ADMX_OfflineFiles/Pol_ReminderTimeout_1**
@@ -2022,7 +2022,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reminder balloon lifetime*
- GP name: *Pol_ReminderTimeout_1*
- GP path: *Network\Offline Files*
@@ -2033,7 +2033,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ReminderTimeout_2**
+**ADMX_OfflineFiles/Pol_ReminderTimeout_2**
@@ -2069,7 +2069,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reminder balloon lifetime*
- GP name: *Pol_ReminderTimeout_2*
- GP path: *Network\Offline Files*
@@ -2080,7 +2080,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SlowLinkSettings**
+**ADMX_OfflineFiles/Pol_SlowLinkSettings**
@@ -2126,7 +2126,7 @@ If you disable this policy setting, computers won't use the slow-link mode.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure slow-link mode*
- GP name: *Pol_SlowLinkSettings*
- GP path: *Network\Offline Files*
@@ -2137,7 +2137,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SlowLinkSpeed**
+**ADMX_OfflineFiles/Pol_SlowLinkSpeed**
@@ -2177,7 +2177,7 @@ If this setting is disabled or not configured, the default threshold value of 64
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Slow link speed*
- GP name: *Pol_SlowLinkSpeed*
- GP path: *Network\Offline Files*
@@ -2188,7 +2188,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncAtLogoff_1**
+**ADMX_OfflineFiles/Pol_SyncAtLogoff_1**
@@ -2233,7 +2233,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize all offline files before logging off*
- GP name: *Pol_SyncAtLogoff_1*
- GP path: *Network\Offline Files*
@@ -2244,7 +2244,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncAtLogoff_2**
+**ADMX_OfflineFiles/Pol_SyncAtLogoff_2**
@@ -2289,7 +2289,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize all offline files before logging off*
- GP name: *Pol_SyncAtLogoff_2*
- GP path: *Network\Offline Files*
@@ -2300,7 +2300,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncAtLogon_1**
+**ADMX_OfflineFiles/Pol_SyncAtLogon_1**
@@ -2345,7 +2345,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize all offline files when logging on*
- GP name: *Pol_SyncAtLogon_1*
- GP path: *Network\Offline Files*
@@ -2358,7 +2358,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncAtLogon_2**
+**ADMX_OfflineFiles/Pol_SyncAtLogon_2**
@@ -2403,7 +2403,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize all offline files when logging on*
- GP name: *Pol_SyncAtLogon_2*
- GP path: *Network\Offline Files*
@@ -2414,7 +2414,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncAtSuspend_1**
+**ADMX_OfflineFiles/Pol_SyncAtSuspend_1**
@@ -2453,7 +2453,7 @@ If you disable or don't configure this setting, files aren't synchronized when t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize offline files before suspend*
- GP name: *Pol_SyncAtSuspend_1*
- GP path: *Network\Offline Files*
@@ -2464,7 +2464,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncAtSuspend_2**
+**ADMX_OfflineFiles/Pol_SyncAtSuspend_2**
@@ -2503,7 +2503,7 @@ If you disable or don't configure this setting, files aren't synchronized when t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize offline files before suspend*
- GP name: *Pol_SyncAtSuspend_2*
- GP path: *Network\Offline Files*
@@ -2514,7 +2514,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncOnCostedNetwork**
+**ADMX_OfflineFiles/Pol_SyncOnCostedNetwork**
@@ -2550,7 +2550,7 @@ If this setting is disabled or not configured, synchronization won't run in the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable file synchronization on costed networks*
- GP name: *Pol_SyncOnCostedNetwork*
- GP path: *Network\Offline Files*
@@ -2561,7 +2561,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_WorkOfflineDisabled_1**
+**ADMX_OfflineFiles/Pol_WorkOfflineDisabled_1**
@@ -2597,7 +2597,7 @@ If you disable or don't configure this policy setting, the "Work offline" comman
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Work offline" command*
- GP name: *Pol_WorkOfflineDisabled_1*
- GP path: *Network\Offline Files*
@@ -2608,7 +2608,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_WorkOfflineDisabled_2**
+**ADMX_OfflineFiles/Pol_WorkOfflineDisabled_2**
@@ -2644,7 +2644,7 @@ If you disable or don't configure this policy setting, the "Work offline" comman
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Work offline" command*
- GP name: *Pol_WorkOfflineDisabled_2*
- GP path: *Network\Offline Files*
diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md
index 28a333dfcc..1efbbae1cd 100644
--- a/windows/client-management/mdm/policy-csp-admx-pca.md
+++ b/windows/client-management/mdm/policy-csp-admx-pca.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_pca.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/20/2021
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_pca
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_pca policies
+## ADMX_pca policies
@@ -55,7 +55,7 @@ manager: aaroncz
**ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy**
-
+
|Edition|Windows 10|Windows 11|
@@ -80,16 +80,16 @@ manager: aaroncz
-This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility.
+This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility.
-If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website.
+If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website.
-If you disable this policy setting, the PCA doesn't detect compatibility issues for applications and drivers.
+If you disable this policy setting, the PCA doesn't detect compatibility issues for applications and drivers.
-If you don't configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues.
+If you don't configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues.
> [!NOTE]
-> This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled.
+> This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled.
The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console.
@@ -97,7 +97,7 @@ The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Detect compatibility issues for applications and drivers*
- GP name: *DetectDeprecatedCOMComponentFailuresPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
@@ -107,7 +107,7 @@ ADMX Info:
-**ADMX_pca/DetectDeprecatedComponentFailuresPolicy**
+**ADMX_pca/DetectDeprecatedComponentFailuresPolicy**
@@ -133,16 +133,16 @@ ADMX Info:
-This setting exists only for backward compatibility, and isn't valid for this version of Windows.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows.
-To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative
+To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative
Templates\Windows Components\Application Compatibility.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Detect application install failures*
- GP name: *DetectDeprecatedComponentFailuresPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
@@ -153,7 +153,7 @@ ADMX Info:
-**ADMX_pca/DetectInstallFailuresPolicy**
+**ADMX_pca/DetectInstallFailuresPolicy**
@@ -185,7 +185,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Detect applications unable to launch installers under UAC*
- GP name: *DetectInstallFailuresPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
@@ -195,7 +195,7 @@ ADMX Info:
-**ADMX_pca/DetectUndetectedInstallersPolicy**
+**ADMX_pca/DetectUndetectedInstallersPolicy**
@@ -228,7 +228,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Detect application failures caused by deprecated Windows DLLs*
- GP name: *DetectUndetectedInstallersPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
@@ -238,7 +238,7 @@ ADMX Info:
-**ADMX_pca/DetectUpdateFailuresPolicy**
+**ADMX_pca/DetectUpdateFailuresPolicy**
@@ -273,7 +273,7 @@ To configure the Program Compatibility Assistant, use the 'Turn off Program Comp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Detect application failures caused by deprecated COM objects*
- GP name: *DetectUpdateFailuresPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
@@ -283,7 +283,7 @@ ADMX Info:
-**ADMX_pca/DisablePcaUIPolicy**
+**ADMX_pca/DisablePcaUIPolicy**
@@ -318,7 +318,7 @@ To configure the Program Compatibility Assistant, use the 'Turn off Program Comp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Detect application installers that need to be run as administrator*
- GP name: *DisablePcaUIPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
@@ -328,7 +328,7 @@ ADMX Info:
-**ADMX_pca/DetectBlockedDriversPolicy**
+**ADMX_pca/DetectBlockedDriversPolicy**
@@ -363,7 +363,7 @@ To configure the Program Compatibility Assistant, use the 'Turn off Program Comp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Notify blocked drivers*
- GP name: *DetectBlockedDriversPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
index b5e4199768..b3727a7219 100644
--- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
+++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_PeerToPeerCaching.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/16/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_PeerToPeerCaching
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_PeerToPeerCaching policies
+## ADMX_PeerToPeerCaching policies
@@ -59,7 +59,7 @@ manager: aaroncz
-**ADMX_PeerToPeerCaching/EnableWindowsBranchCache**
+**ADMX_PeerToPeerCaching/EnableWindowsBranchCache**
@@ -85,7 +85,7 @@ manager: aaroncz
-This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following policy settings:
+This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following policy settings:
- Set BranchCache Distributed Cache mode
- Set BranchCache Hosted Cache mode
@@ -104,7 +104,7 @@ For policy configuration, select one of the following options:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on BranchCache*
- GP name: *EnableWindowsBranchCache*
- GP path: *Network\BranchCache*
@@ -115,7 +115,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Distributed**
+**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Distributed**
@@ -158,7 +158,7 @@ For policy configuration, select one of the following options:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set BranchCache Distributed Cache mode*
- GP name: *EnableWindowsBranchCache_Distributed*
- GP path: *Network\BranchCache*
@@ -169,7 +169,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Hosted**
+**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Hosted**
@@ -207,7 +207,7 @@ For policy configuration, select one of the following options:
In circumstances where this setting is enabled, you can also select and configure the following option:
-- Type the name of the hosted cache server. Specifies the computer name of the hosted cache server. Because the hosted cache server name is also specified in the certificate enrolled to the hosted cache server, the name that you enter here must match the name of the hosted cache server that is specified in the server certificate.
+- Type the name of the hosted cache server. Specifies the computer name of the hosted cache server. Because the hosted cache server name is also specified in the certificate enrolled to the hosted cache server, the name that you enter here must match the name of the hosted cache server that is specified in the server certificate.
Hosted cache clients must trust the server certificate that is issued to the hosted cache server. Ensure that the issuing CA certificate is installed in the Trusted Root Certification Authorities certificate store on all hosted cache client computers.
@@ -218,7 +218,7 @@ Hosted cache clients must trust the server certificate that is issued to the hos
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set BranchCache Hosted Cache mode*
- GP name: *EnableWindowsBranchCache_Hosted*
- GP path: *Network\BranchCache*
@@ -229,7 +229,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedCacheDiscovery**
+**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedCacheDiscovery**
@@ -267,7 +267,7 @@ If the policy setting "Set BranchCache Distributed Cache Mode" is applied in add
If the policy setting "Set BranchCache Hosted Cache Mode" is applied, the client computer doesn't perform automatically hosted cache discovery. This restriction is also true in cases where the policy setting "Configure Hosted Cache Servers" is applied.
-This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista.
+This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista.
If you disable, or don't configure this setting, a client won't attempt to discover hosted cache servers by service connection point.
@@ -281,7 +281,7 @@ For policy configuration, select one of the following options:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Automatic Hosted Cache Discovery by Service Connection Point*
- GP name: *EnableWindowsBranchCache_HostedCacheDiscovery*
- GP path: *Network\BranchCache*
@@ -292,7 +292,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedMultipleServers**
+**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedMultipleServers**
@@ -340,7 +340,7 @@ In circumstances where this setting is enabled, you can also select and configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Hosted Cache Servers*
- GP name: *EnableWindowsBranchCache_HostedMultipleServers*
- GP path: *Network\BranchCache*
@@ -351,7 +351,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_SMB**
+**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_SMB**
@@ -393,7 +393,7 @@ In circumstances where this policy setting is enabled, you can also select and c
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure BranchCache for network files*
- GP name: *EnableWindowsBranchCache_SMB*
- GP path: *Network\BranchCache*
@@ -404,7 +404,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/SetCachePercent**
+**ADMX_PeerToPeerCaching/SetCachePercent**
@@ -453,7 +453,7 @@ In circumstances where this setting is enabled, you can also select and configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set percentage of disk space used for client computer cache*
- GP name: *SetCachePercent*
- GP path: *Network\BranchCache*
@@ -464,7 +464,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/SetDataCacheEntryMaxAge**
+**ADMX_PeerToPeerCaching/SetDataCacheEntryMaxAge**
@@ -510,7 +510,7 @@ In circumstances where this setting is enabled, you can also select and configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set age for segments in the data cache*
- GP name: *SetDataCacheEntryMaxAge*
- GP path: *Network\BranchCache*
@@ -521,7 +521,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/SetDowngrading**
+**ADMX_PeerToPeerCaching/SetDowngrading**
@@ -570,7 +570,7 @@ Select from the following versions
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Client BranchCache Version Support*
- GP name: *SetDowngrading*
- GP path: *Network\BranchCache*
diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md
index 322223fccc..b097ae7f99 100644
--- a/windows/client-management/mdm/policy-csp-admx-pentraining.md
+++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_PenTraining.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/22/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_PenTraining
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_PenTraining policies
+## ADMX_PenTraining policies
@@ -38,7 +38,7 @@ manager: aaroncz
-**ADMX_PenTraining/PenTrainingOff_1**
+**ADMX_PenTraining/PenTrainingOff_1**
@@ -64,9 +64,9 @@ manager: aaroncz
-Turns off Tablet PC Pen Training.
+Turns off Tablet PC Pen Training.
-- If you enable this policy setting, users can't open Tablet PC Pen Training.
+- If you enable this policy setting, users can't open Tablet PC Pen Training.
- If you disable or don't configure this policy setting, users can open Tablet PC Pen Training.
@@ -74,7 +74,7 @@ Turns off Tablet PC Pen Training.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Tablet PC Pen Training*
- GP name: *PenTrainingOff_1*
- GP path: *Windows Components\Tablet PC\Tablet PC Pen Training*
@@ -85,7 +85,7 @@ ADMX Info:
-**ADMX_PenTraining/PenTrainingOff_2**
+**ADMX_PenTraining/PenTrainingOff_2**
@@ -111,9 +111,9 @@ ADMX Info:
-Turns off Tablet PC Pen Training.
+Turns off Tablet PC Pen Training.
-- If you enable this policy setting, users can't open Tablet PC Pen Training.
+- If you enable this policy setting, users can't open Tablet PC Pen Training.
- If you disable or don't configure this policy setting, users can open Tablet PC Pen Training.
@@ -121,7 +121,7 @@ Turns off Tablet PC Pen Training.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Tablet PC Pen Training*
- GP name: *PenTrainingOff_2*
- GP path: *Windows Components\Tablet PC\Tablet PC Pen Training*
diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
index 7c956fcf64..e3cb20c6c1 100644
--- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
+++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_PerformanceDiagnostics.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/16/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_PerformanceDiagnostics
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_PerformanceDiagnostics policies
+## ADMX_PerformanceDiagnostics policies
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_1**
+**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_1**
@@ -90,7 +90,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy_1*
- GP path: *System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics*
@@ -101,7 +101,7 @@ ADMX Info:
-**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2**
+**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2**
@@ -145,7 +145,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy_2*
- GP path: *System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics*
@@ -156,7 +156,7 @@ ADMX Info:
-**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3**
+**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3**
@@ -200,7 +200,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy_3*
- GP path: *System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics*
@@ -211,7 +211,7 @@ ADMX Info:
-**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4**
+**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4**
@@ -255,7 +255,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy_4*
- GP path: *System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics*
diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md
index e1e9ee133b..e43327ec72 100644
--- a/windows/client-management/mdm/policy-csp-admx-power.md
+++ b/windows/client-management/mdm/policy-csp-admx-power.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Power.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/22/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_Power
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Power policies
+## ADMX_Power policies
@@ -108,7 +108,7 @@ manager: aaroncz
-**ADMX_Power/ACConnectivityInStandby_2**
+**ADMX_Power/ACConnectivityInStandby_2**
@@ -146,7 +146,7 @@ If you don't configure this policy setting, users control this setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow network connectivity during connected-standby (plugged in)*
- GP name: *ACConnectivityInStandby_2*
- GP path: *System\Power Management\Sleep Settings*
@@ -157,7 +157,7 @@ ADMX Info:
-**ADMX_Power/ACCriticalSleepTransitionsDisable_2**
+**ADMX_Power/ACCriticalSleepTransitionsDisable_2**
@@ -193,7 +193,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on the ability for applications to prevent sleep transitions (plugged in)*
- GP name: *ACCriticalSleepTransitionsDisable_2*
- GP path: *System\Power Management\Sleep Settings*
@@ -204,7 +204,7 @@ ADMX Info:
-**ADMX_Power/ACStartMenuButtonAction_2**
+**ADMX_Power/ACStartMenuButtonAction_2**
@@ -244,7 +244,7 @@ If you disable this policy or don't configure this policy setting, users control
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Select the Start menu Power button action (plugged in)*
- GP name: *ACStartMenuButtonAction_2*
- GP path: *System\Power Management\Button Settings*
@@ -255,7 +255,7 @@ ADMX Info:
-**ADMX_Power/AllowSystemPowerRequestAC**
+**ADMX_Power/AllowSystemPowerRequestAC**
@@ -291,7 +291,7 @@ If you disable or don't configure this policy setting, applications, services, o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow applications to prevent automatic sleep (plugged in)*
- GP name: *AllowSystemPowerRequestAC*
- GP path: *System\Power Management\Sleep Settings*
@@ -302,7 +302,7 @@ ADMX Info:
-**ADMX_Power/AllowSystemPowerRequestDC**
+**ADMX_Power/AllowSystemPowerRequestDC**
@@ -338,7 +338,7 @@ If you disable or don't configure this policy setting, applications, services, o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow applications to prevent automatic sleep (on battery)*
- GP name: *AllowSystemPowerRequestDC*
- GP path: *System\Power Management\Sleep Settings*
@@ -349,7 +349,7 @@ ADMX Info:
-**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC**
+**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC**
@@ -385,7 +385,7 @@ If you disable or don't configure this policy setting, the computer doesn't auto
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow automatic sleep with Open Network Files (plugged in)*
- GP name: *AllowSystemSleepWithRemoteFilesOpenAC*
- GP path: *System\Power Management\Sleep Settings*
@@ -396,7 +396,7 @@ ADMX Info:
-**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC**
+**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC**
@@ -432,7 +432,7 @@ If you disable or don't configure this policy setting, the computer doesn't auto
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow automatic sleep with Open Network Files (on battery)*
- GP name: *AllowSystemSleepWithRemoteFilesOpenDC*
- GP path: *System\Power Management\Sleep Settings*
@@ -443,7 +443,7 @@ ADMX Info:
-**ADMX_Power/CustomActiveSchemeOverride_2**
+**ADMX_Power/CustomActiveSchemeOverride_2**
@@ -479,7 +479,7 @@ If you disable or don't configure this policy setting, users can see and change
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify a custom active power plan*
- GP name: *CustomActiveSchemeOverride_2*
- GP path: *System\Power Management*
@@ -490,7 +490,7 @@ ADMX Info:
-**ADMX_Power/DCBatteryDischargeAction0_2**
+**ADMX_Power/DCBatteryDischargeAction0_2**
@@ -516,7 +516,7 @@ ADMX Info:
-This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.
+This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.
If you enable this policy setting, select one of the following actions:
@@ -531,7 +531,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Critical battery notification action*
- GP name: *DCBatteryDischargeAction0_2*
- GP path: *System\Power Management\Notification Settings*
@@ -542,7 +542,7 @@ ADMX Info:
-**ADMX_Power/DCBatteryDischargeAction1_2**
+**ADMX_Power/DCBatteryDischargeAction1_2**
@@ -583,7 +583,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Low battery notification action*
- GP name: *DCBatteryDischargeAction1_2*
- GP path: *System\Power Management\Notification Settings*
@@ -594,7 +594,7 @@ ADMX Info:
-**ADMX_Power/DCBatteryDischargeLevel0_2**
+**ADMX_Power/DCBatteryDischargeLevel0_2**
@@ -632,7 +632,7 @@ If you disable this policy setting or don't configure it, users control this set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Critical battery notification level*
- GP name: *DCBatteryDischargeLevel0_2*
- GP path: *System\Power Management\Notification Settings*
@@ -643,7 +643,7 @@ ADMX Info:
-**ADMX_Power/DCBatteryDischargeLevel1UINotification_2**
+**ADMX_Power/DCBatteryDischargeLevel1UINotification_2**
@@ -683,7 +683,7 @@ If you disable or don't configure this policy setting, users can control this se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off low battery user notification*
- GP name: *DCBatteryDischargeLevel1UINotification_2*
- GP path: *System\Power Management\Notification Settings*
@@ -694,7 +694,7 @@ ADMX Info:
-**ADMX_Power/DCBatteryDischargeLevel1_2**
+**ADMX_Power/DCBatteryDischargeLevel1_2**
@@ -732,7 +732,7 @@ If you disable this policy setting or don't configure it, users control this set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Low battery notification level*
- GP name: *DCBatteryDischargeLevel1_2*
- GP path: *System\Power Management\Notification Settings*
@@ -743,7 +743,7 @@ ADMX Info:
-**ADMX_Power/DCConnectivityInStandby_2**
+**ADMX_Power/DCConnectivityInStandby_2**
@@ -781,7 +781,7 @@ If you don't configure this policy setting, users control this setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow network connectivity during connected-standby (on battery)*
- GP name: *DCConnectivityInStandby_2*
- GP path: *System\Power Management\Sleep Settings*
@@ -792,7 +792,7 @@ ADMX Info:
-**ADMX_Power/DCCriticalSleepTransitionsDisable_2**
+**ADMX_Power/DCCriticalSleepTransitionsDisable_2**
@@ -828,7 +828,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on the ability for applications to prevent sleep transitions (on battery)*
- GP name: *DCCriticalSleepTransitionsDisable_2*
- GP path: *System\Power Management\Sleep Settings*
@@ -839,7 +839,7 @@ ADMX Info:
-**ADMX_Power/DCStartMenuButtonAction_2**
+**ADMX_Power/DCStartMenuButtonAction_2**
@@ -879,7 +879,7 @@ If you disable this policy or don't configure this policy setting, users control
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Select the Start menu Power button action (on battery)*
- GP name: *DCStartMenuButtonAction_2*
- GP path: *System\Power Management\Button Settings*
@@ -890,7 +890,7 @@ ADMX Info:
-**ADMX_Power/DiskACPowerDownTimeOut_2**
+**ADMX_Power/DiskACPowerDownTimeOut_2**
@@ -926,7 +926,7 @@ If you disable or don't configure this policy setting, users can see and change
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn Off the hard disk (plugged in)*
- GP name: *DiskACPowerDownTimeOut_2*
- GP path: *System\Power Management\Hard Disk Settings*
@@ -937,7 +937,7 @@ ADMX Info:
-**ADMX_Power/DiskDCPowerDownTimeOut_2**
+**ADMX_Power/DiskDCPowerDownTimeOut_2**
@@ -973,7 +973,7 @@ If you disable or don't configure this policy setting, users can see and change
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn Off the hard disk (on battery)*
- GP name: *DiskDCPowerDownTimeOut_2*
- GP path: *System\Power Management\Hard Disk Settings*
@@ -984,7 +984,7 @@ ADMX Info:
-**ADMX_Power/Dont_PowerOff_AfterShutdown**
+**ADMX_Power/Dont_PowerOff_AfterShutdown**
@@ -1026,7 +1026,7 @@ If you disable or don't configure this policy setting, the computer system safel
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not turn off system power after a Windows system shutdown has occurred.*
- GP name: *Dont_PowerOff_AfterShutdown*
- GP path: *System*
@@ -1037,7 +1037,7 @@ ADMX Info:
-**ADMX_Power/EnableDesktopSlideShowAC**
+**ADMX_Power/EnableDesktopSlideShowAC**
@@ -1075,7 +1075,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on desktop background slideshow (plugged in)*
- GP name: *EnableDesktopSlideShowAC*
- GP path: *System\Power Management\Video and Display Settings*
@@ -1086,7 +1086,7 @@ ADMX Info:
-**ADMX_Power/EnableDesktopSlideShowDC**
+**ADMX_Power/EnableDesktopSlideShowDC**
@@ -1124,7 +1124,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on desktop background slideshow (on battery)*
- GP name: *EnableDesktopSlideShowDC*
- GP path: *System\Power Management\Video and Display Settings*
@@ -1135,7 +1135,7 @@ ADMX Info:
-**ADMX_Power/InboxActiveSchemeOverride_2**
+**ADMX_Power/InboxActiveSchemeOverride_2**
@@ -1171,7 +1171,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Select an active power plan*
- GP name: *InboxActiveSchemeOverride_2*
- GP path: *System\Power Management*
@@ -1182,7 +1182,7 @@ ADMX Info:
-**ADMX_Power/PW_PromptPasswordOnResume**
+**ADMX_Power/PW_PromptPasswordOnResume**
@@ -1218,7 +1218,7 @@ If you disable or don't configure this policy setting, users control if their co
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prompt for password on resume from hibernate/suspend*
- GP name: *PW_PromptPasswordOnResume*
- GP path: *System\Power Management*
@@ -1229,7 +1229,7 @@ ADMX Info:
-**ADMX_Power/PowerThrottlingTurnOff**
+**ADMX_Power/PowerThrottlingTurnOff**
@@ -1265,7 +1265,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Power Throttling*
- GP name: *PowerThrottlingTurnOff*
- GP path: *System\Power Management\Power Throttling Settings*
@@ -1276,7 +1276,7 @@ ADMX Info:
-**ADMX_Power/ReserveBatteryNotificationLevel**
+**ADMX_Power/ReserveBatteryNotificationLevel**
@@ -1312,7 +1312,7 @@ If you disable or don't configure this policy setting, users can see and change
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reserve battery notification level*
- GP name: *ReserveBatteryNotificationLevel*
- GP path: *System\Power Management\Notification Settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
index 0818fc3b94..5659a2f23c 100644
--- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_PowerShellExecutionPolicy.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 10/26/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_PowerShellExecutionPolicy
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_PowerShellExecutionPolicy policies
+## ADMX_PowerShellExecutionPolicy policies
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_PowerShellExecutionPolicy/EnableModuleLogging**
+**ADMX_PowerShellExecutionPolicy/EnableModuleLogging**
@@ -87,7 +87,7 @@ To add modules and snap-ins to the policy setting list, click Show, and then typ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Module Logging*
- GP name: *EnableModuleLogging*
- GP path: *Windows Components\Windows PowerShell*
@@ -98,7 +98,7 @@ ADMX Info:
-**ADMX_PowerShellExecutionPolicy/EnableScripts**
+**ADMX_PowerShellExecutionPolicy/EnableScripts**
@@ -140,7 +140,7 @@ If you disable this policy setting, no scripts are allowed to run.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Script Execution*
- GP name: *EnableScripts*
- GP path: *Windows Components\Windows PowerShell*
@@ -151,7 +151,7 @@ ADMX Info:
-**ADMX_PowerShellExecutionPolicy/EnableTranscripting**
+**ADMX_PowerShellExecutionPolicy/EnableTranscripting**
@@ -193,7 +193,7 @@ If you use the OutputDirectory setting to enable transcript logging to a shared
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on PowerShell Transcription*
- GP name: *EnableTranscripting*
- GP path: *Windows Components\Windows PowerShell*
@@ -204,7 +204,7 @@ ADMX Info:
-**ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath**
+**ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath**
@@ -244,7 +244,7 @@ If this policy setting is disabled or not configured, this policy setting doesn'
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set the default source path for Update-Help*
- GP name: *EnableUpdateHelpDefaultSourcePath*
- GP path: *Windows Components\Windows PowerShell*
diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md
index 05320e6fd6..4f35241526 100644
--- a/windows/client-management/mdm/policy-csp-admx-previousversions.md
+++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md
@@ -4,8 +4,8 @@ description: Policy CSP - ADMX_PreviousVersions
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
@@ -14,13 +14,13 @@ manager: aaroncz
# Policy CSP - ADMX_PreviousVersions
-## ADMX_PreviousVersions policies
+## ADMX_PreviousVersions policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -51,14 +51,14 @@ manager: aaroncz
-**ADMX_PreviousVersions/DisableLocalPage_1**
+**ADMX_PreviousVersions/DisableLocalPage_1**
@@ -84,18 +84,18 @@ manager: aaroncz
-This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
+This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
-- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
+- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent restoring local previous versions*
- GP name: *DisableLocalPage_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -106,7 +106,7 @@ ADMX Info:
-**ADMX_PreviousVersions/DisableLocalPage_2**
+**ADMX_PreviousVersions/DisableLocalPage_2**
@@ -132,18 +132,18 @@ ADMX Info:
-This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
+This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
-- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
+- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent restoring local previous versions*
- GP name: *DisableLocalPage_2*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_PreviousVersions/DisableRemotePage_1**
+**ADMX_PreviousVersions/DisableRemotePage_1**
@@ -180,18 +180,18 @@ ADMX Info:
-This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent restoring remote previous versions*
- GP name: *DisableRemotePage_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -202,7 +202,7 @@ ADMX Info:
-**ADMX_PreviousVersions/DisableRemotePage_2**
+**ADMX_PreviousVersions/DisableRemotePage_2**
@@ -228,18 +228,18 @@ ADMX Info:
-This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent restoring remote previous versions*
- GP name: *DisableRemotePage_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -251,7 +251,7 @@ ADMX Info:
-**ADMX_PreviousVersions/HideBackupEntries_1**
+**ADMX_PreviousVersions/HideBackupEntries_1**
@@ -277,17 +277,17 @@ ADMX Info:
-This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
+This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
-- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
-- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points.
+- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
+- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points.
- If you don't configure this policy setting, it's disabled by default.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide previous versions of files on backup location*
- GP name: *HideBackupEntries_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -298,7 +298,7 @@ ADMX Info:
-**ADMX_PreviousVersions/HideBackupEntries_2**
+**ADMX_PreviousVersions/HideBackupEntries_2**
@@ -324,17 +324,17 @@ ADMX Info:
-This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
+This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
-- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
-- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points.
+- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
+- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points.
- If you don't configure this policy setting, it's disabled by default.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide previous versions of files on backup location*
- GP name: *HideBackupEntries_2*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -345,7 +345,7 @@ ADMX Info:
-**ADMX_PreviousVersions/DisableLocalRestore_1**
+**ADMX_PreviousVersions/DisableLocalRestore_1**
@@ -371,10 +371,10 @@ ADMX Info:
-This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
@@ -382,7 +382,7 @@ This setting lets you suppress the Restore button in the previous versions prope
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent restoring remote previous versions*
- GP name: *DisableLocalRestore_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -393,7 +393,7 @@ ADMX Info:
-**ADMX_PreviousVersions/DisableLocalRestore_2**
+**ADMX_PreviousVersions/DisableLocalRestore_2**
@@ -419,17 +419,17 @@ ADMX Info:
-This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent restoring remote previous versions*
- GP name: *DisableLocalRestore_2*
- GP path: *Windows Components\File Explorer\Previous Versions*
diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md
index f107901b56..3728163906 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Printing.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/15/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_Printing
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Printing policies
+## ADMX_Printing policies
@@ -112,7 +112,7 @@ manager: aaroncz
-**ADMX_Printing/AllowWebPrinting**
+**ADMX_Printing/AllowWebPrinting**
@@ -155,7 +155,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" setting in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Activate Internet printing*
- GP name: *AllowWebPrinting*
- GP path: *Printers*
@@ -166,7 +166,7 @@ ADMX Info:
-**ADMX_Printing/ApplicationDriverIsolation**
+**ADMX_Printing/ApplicationDriverIsolation**
@@ -209,7 +209,7 @@ If you disable this policy setting, then print drivers will be loaded within all
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Isolate print drivers from applications*
- GP name: *ApplicationDriverIsolation*
- GP path: *Printers*
@@ -220,7 +220,7 @@ ADMX Info:
-**ADMX_Printing/CustomizedSupportUrl**
+**ADMX_Printing/CustomizedSupportUrl**
@@ -264,7 +264,7 @@ Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Opt
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom support URL in the Printers folder's left pane*
- GP name: *CustomizedSupportUrl*
- GP path: *Printers*
@@ -275,7 +275,7 @@ ADMX Info:
-**ADMX_Printing/DoNotInstallCompatibleDriverFromWindowsUpdate**
+**ADMX_Printing/DoNotInstallCompatibleDriverFromWindowsUpdate**
@@ -312,7 +312,7 @@ This policy setting isn't configured by default, and the behavior depends on the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Extend Point and Print connection to search Windows Update*
- GP name: *DoNotInstallCompatibleDriverFromWindowsUpdate*
- GP path: *Printers*
@@ -323,7 +323,7 @@ ADMX Info:
-**ADMX_Printing/DomainPrinters**
+**ADMX_Printing/DomainPrinters**
@@ -373,7 +373,7 @@ In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't app
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add Printer wizard - Network scan page (Managed network)*
- GP name: *DomainPrinters*
- GP path: *Printers*
@@ -384,7 +384,7 @@ ADMX Info:
-**ADMX_Printing/DownlevelBrowse**
+**ADMX_Printing/DownlevelBrowse**
@@ -423,7 +423,7 @@ If you disable this setting, the network printer browse page is removed from wit
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Browse the network to find printers*
- GP name: *DownlevelBrowse*
- GP path: *Control Panel\Printers*
@@ -434,7 +434,7 @@ ADMX Info:
-**ADMX_Printing/EMFDespooling**
+**ADMX_Printing/EMFDespooling**
@@ -481,7 +481,7 @@ If you don't enable this policy setting, the behavior is the same as disabling i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always render print jobs on the server*
- GP name: *EMFDespooling*
- GP path: *Printers*
@@ -492,7 +492,7 @@ ADMX Info:
-**ADMX_Printing/ForceSoftwareRasterization**
+**ADMX_Printing/ForceSoftwareRasterization**
@@ -526,7 +526,7 @@ This setting may improve the performance of the XPS Rasterization Service or the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always rasterize content to be printed using a software rasterizer*
- GP name: *ForceSoftwareRasterization*
- GP path: *Printers*
@@ -537,7 +537,7 @@ ADMX Info:
-**ADMX_Printing/IntranetPrintersUrl**
+**ADMX_Printing/IntranetPrintersUrl**
@@ -577,7 +577,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" and "Activ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Browse a common web site to find printers*
- GP name: *IntranetPrintersUrl*
- GP path: *Control Panel\Printers*
@@ -588,7 +588,7 @@ ADMX Info:
-**ADMX_Printing/KMPrintersAreBlocked**
+**ADMX_Printing/KMPrintersAreBlocked**
@@ -628,7 +628,7 @@ If you enable this setting, installation of a printer using a kernel-mode driver
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow installation of printers using kernel-mode drivers*
- GP name: *KMPrintersAreBlocked*
- GP path: *Printers*
@@ -639,7 +639,7 @@ ADMX Info:
-**ADMX_Printing/LegacyDefaultPrinterMode**
+**ADMX_Printing/LegacyDefaultPrinterMode**
@@ -671,13 +671,13 @@ If you enable this setting, Windows won't manage the default printer.
If you disable this setting, Windows will manage the default printer.
-If you don't configure this setting, default printer management won't change.
+If you don't configure this setting, default printer management won't change.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows default printer management*
- GP name: *LegacyDefaultPrinterMode*
- GP path: *Control Panel\Printers*
@@ -688,7 +688,7 @@ ADMX Info:
-**ADMX_Printing/MXDWUseLegacyOutputFormatMSXPS**
+**ADMX_Printing/MXDWUseLegacyOutputFormatMSXPS**
@@ -724,7 +724,7 @@ If you disable or don't configure this policy setting, the default MXDW output f
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)*
- GP name: *MXDWUseLegacyOutputFormatMSXPS*
- GP path: *Printers*
@@ -735,7 +735,7 @@ ADMX Info:
-**ADMX_Printing/NoDeletePrinter**
+**ADMX_Printing/NoDeletePrinter**
@@ -773,7 +773,7 @@ If this policy is disabled, or not configured, users can delete printers using t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent deletion of printers*
- GP name: *NoDeletePrinter*
- GP path: *Control Panel\Printers*
@@ -784,7 +784,7 @@ ADMX Info:
-**ADMX_Printing/NonDomainPrinters**
+**ADMX_Printing/NonDomainPrinters**
@@ -831,7 +831,7 @@ In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't app
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add Printer wizard - Network scan page (Unmanaged network)*
- GP name: *NonDomainPrinters*
- GP path: *Printers*
@@ -842,7 +842,7 @@ ADMX Info:
-**ADMX_Printing/PackagePointAndPrintOnly**
+**ADMX_Printing/PackagePointAndPrintOnly**
@@ -878,7 +878,7 @@ If this setting is disabled, or not configured, users won't be restricted to pac
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Only use Package Point and print*
- GP name: *PackagePointAndPrintOnly*
- GP path: *Control Panel\Printers*
@@ -889,7 +889,7 @@ ADMX Info:
-**ADMX_Printing/PackagePointAndPrintOnly_Win7**
+**ADMX_Printing/PackagePointAndPrintOnly_Win7**
@@ -925,7 +925,7 @@ If this setting is disabled, or not configured, users won't be restricted to pac
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Only use Package Point and print*
- GP name: *PackagePointAndPrintOnly_Win7*
- GP path: *Printers*
@@ -936,7 +936,7 @@ ADMX Info:
-**ADMX_Printing/PackagePointAndPrintServerList**
+**ADMX_Printing/PackagePointAndPrintServerList**
@@ -976,7 +976,7 @@ If this setting is disabled, or not configured, package point and print won't be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Package Point and print - Approved servers*
- GP name: *PackagePointAndPrintServerList*
- GP path: *Control Panel\Printers*
@@ -987,7 +987,7 @@ ADMX Info:
-**ADMX_Printing/PackagePointAndPrintServerList_Win7**
+**ADMX_Printing/PackagePointAndPrintServerList_Win7**
@@ -1027,7 +1027,7 @@ If this setting is disabled, or not configured, package point and print won't be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Package Point and print - Approved servers*
- GP name: *PackagePointAndPrintServerList_Win7*
- GP path: *Printers*
@@ -1038,7 +1038,7 @@ ADMX Info:
-**ADMX_Printing/PhysicalLocation**
+**ADMX_Printing/PhysicalLocation**
@@ -1078,7 +1078,7 @@ If you disable this setting or don't configure it, and the user doesn't type a l
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Computer location*
- GP name: *PhysicalLocation*
- GP path: *Printers*
@@ -1089,7 +1089,7 @@ ADMX Info:
-**ADMX_Printing/PhysicalLocationSupport**
+**ADMX_Printing/PhysicalLocationSupport**
@@ -1127,7 +1127,7 @@ If you disable this setting or don't configure it, Location Tracking is disabled
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Pre-populate printer search location text*
- GP name: *PhysicalLocationSupport*
- GP path: *Printers*
@@ -1138,7 +1138,7 @@ ADMX Info:
-**ADMX_Printing/PrintDriverIsolationExecutionPolicy**
+**ADMX_Printing/PrintDriverIsolationExecutionPolicy**
@@ -1179,7 +1179,7 @@ If you disable this policy setting, the print spooler will execute print drivers
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Execute print drivers in isolated processes*
- GP name: *PrintDriverIsolationExecutionPolicy*
- GP path: *Printers*
@@ -1190,7 +1190,7 @@ ADMX Info:
-**ADMX_Printing/PrintDriverIsolationOverrideCompat**
+**ADMX_Printing/PrintDriverIsolationOverrideCompat**
@@ -1231,7 +1231,7 @@ If you disable or don't configure this policy setting, the print spooler uses th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Override print driver execution compatibility setting reported by print driver*
- GP name: *PrintDriverIsolationOverrideCompat*
- GP path: *Printers*
@@ -1242,7 +1242,7 @@ ADMX Info:
-**ADMX_Printing/PrinterDirectorySearchScope**
+**ADMX_Printing/PrinterDirectorySearchScope**
@@ -1280,7 +1280,7 @@ This setting only provides a starting point for Active Directory searches for pr
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Default Active Directory path when searching for printers*
- GP name: *PrinterDirectorySearchScope*
- GP path: *Control Panel\Printers*
@@ -1291,7 +1291,7 @@ ADMX Info:
-**ADMX_Printing/PrinterServerThread**
+**ADMX_Printing/PrinterServerThread**
@@ -1334,7 +1334,7 @@ If you don't configure this setting, shared printers are announced to browse mai
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Printer browsing*
- GP name: *PrinterServerThread*
- GP path: *Printers*
@@ -1345,7 +1345,7 @@ ADMX Info:
-**ADMX_Printing/ShowJobTitleInEventLogs**
+**ADMX_Printing/ShowJobTitleInEventLogs**
@@ -1384,7 +1384,7 @@ If you enable this policy setting, the print job name will be included in new lo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow job name in event logs*
- GP name: *ShowJobTitleInEventLogs*
- GP path: *Printers*
@@ -1395,7 +1395,7 @@ ADMX Info:
-**ADMX_Printing/V4DriverDisallowPrinterExtension**
+**ADMX_Printing/V4DriverDisallowPrinterExtension**
@@ -1433,7 +1433,7 @@ If you disable this policy setting or don't configure it, then all printer exten
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow v4 printer drivers to show printer extensions*
- GP name: *V4DriverDisallowPrinterExtension*
- GP path: *Printers*
diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md
index 3032187dbe..0b8ff6c5be 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing2.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing2.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Printing2.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/15/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_Printing2
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Printing2 policies
+## ADMX_Printing2 policies
@@ -60,7 +60,7 @@ manager: aaroncz
-**ADMX_Printing2/AutoPublishing**
+**ADMX_Printing2/AutoPublishing**
@@ -101,7 +101,7 @@ The default behavior is to automatically publish shared printers in Active Direc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Automatically publish new printers in Active Directory*
- GP name: *AutoPublishing*
- GP path: *Printers*
@@ -112,7 +112,7 @@ ADMX Info:
-**ADMX_Printing2/ImmortalPrintQueue**
+**ADMX_Printing2/ImmortalPrintQueue**
@@ -153,7 +153,7 @@ If you disable this setting, the domain controller doesn't prune this computer's
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow pruning of published printers*
- GP name: *ImmortalPrintQueue*
- GP path: *Printers*
@@ -164,7 +164,7 @@ ADMX Info:
-**ADMX_Printing2/PruneDownlevel**
+**ADMX_Printing2/PruneDownlevel**
@@ -212,7 +212,7 @@ You can enable this setting to change the default behavior. To use this setting,
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prune printers that are not automatically republished*
- GP name: *PruneDownlevel*
- GP path: *Printers*
@@ -223,7 +223,7 @@ ADMX Info:
-**ADMX_Printing2/PruningInterval**
+**ADMX_Printing2/PruningInterval**
@@ -266,7 +266,7 @@ If you don't configure or disable this setting, the default values will be used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Directory pruning interval*
- GP name: *PruningInterval*
- GP path: *Printers*
@@ -277,7 +277,7 @@ ADMX Info:
-**ADMX_Printing2/PruningPriority**
+**ADMX_Printing2/PruningPriority**
@@ -318,7 +318,7 @@ By default, the pruning thread runs at normal priority. However, you can adjust
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Directory pruning priority*
- GP name: *PruningPriority*
- GP path: *Printers*
@@ -329,7 +329,7 @@ ADMX Info:
-**ADMX_Printing2/PruningRetries**
+**ADMX_Printing2/PruningRetries**
@@ -372,7 +372,7 @@ If you don't configure or disable this setting, the default values are used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Directory pruning retry*
- GP name: *PruningRetries*
- GP path: *Printers*
@@ -383,7 +383,7 @@ ADMX Info:
-**ADMX_Printing2/PruningRetryLog**
+**ADMX_Printing2/PruningRetryLog**
@@ -424,7 +424,7 @@ If you disable or don't configure this policy setting, the contact events aren't
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Log directory pruning retry events*
- GP name: *PruningRetryLog*
- GP path: *Printers*
@@ -435,7 +435,7 @@ ADMX Info:
-**ADMX_Printing2/RegisterSpoolerRemoteRpcEndPoint**
+**ADMX_Printing2/RegisterSpoolerRemoteRpcEndPoint**
@@ -473,7 +473,7 @@ The spooler must be restarted for changes to this policy to take effect.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow Print Spooler to accept client connections*
- GP name: *RegisterSpoolerRemoteRpcEndPoint*
- GP path: *Printers*
@@ -484,7 +484,7 @@ ADMX Info:
-**ADMX_Printing2/VerifyPublishedState**
+**ADMX_Printing2/VerifyPublishedState**
@@ -522,7 +522,7 @@ To disable verification, disable this setting, or enable this setting and select
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Check published state*
- GP name: *VerifyPublishedState*
- GP path: *Printers*
diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md
index 3758a6ba32..228cd52bf6 100644
--- a/windows/client-management/mdm/policy-csp-admx-programs.md
+++ b/windows/client-management/mdm/policy-csp-admx-programs.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Programs.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_Programs
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Programs policies
+## ADMX_Programs policies
@@ -54,7 +54,7 @@ manager: aaroncz
-**ADMX_Programs/NoDefaultPrograms**
+**ADMX_Programs/NoDefaultPrograms**
@@ -93,7 +93,7 @@ This setting doesn't prevent the Default Programs icon from appearing on the Sta
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide "Set Program Access and Computer Defaults" page*
- GP name: *NoDefaultPrograms*
- GP path: *Control Panel\Programs*
@@ -104,7 +104,7 @@ ADMX Info:
-**ADMX_Programs/NoGetPrograms**
+**ADMX_Programs/NoGetPrograms**
@@ -130,7 +130,7 @@ ADMX Info:
-Prevents users from viewing or installing published programs from the network.
+Prevents users from viewing or installing published programs from the network.
This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View, Programs and Features in Classic View and the "Install a program from the network" task. The "Get Programs" page lists published programs and provides an easy way to install them.
@@ -147,7 +147,7 @@ If this setting is disabled or isn't configured, the "Install a program from the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide "Get Programs" page*
- GP name: *NoGetPrograms*
- GP path: *Control Panel\Programs*
@@ -158,7 +158,7 @@ ADMX Info:
-**ADMX_Programs/NoInstalledUpdates**
+**ADMX_Programs/NoInstalledUpdates**
@@ -196,7 +196,7 @@ This setting doesn't prevent users from using other tools and methods to install
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide "Installed Updates" page*
- GP name: *NoInstalledUpdates*
- GP path: *Control Panel\Programs*
@@ -207,7 +207,7 @@ ADMX Info:
-**ADMX_Programs/NoProgramsAndFeatures**
+**ADMX_Programs/NoProgramsAndFeatures**
@@ -243,7 +243,7 @@ This setting doesn't prevent users from using other tools and methods to view or
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide "Programs and Features" page*
- GP name: *NoProgramsAndFeatures*
- GP path: *Control Panel\Programs*
@@ -254,7 +254,7 @@ ADMX Info:
-**ADMX_Programs/NoProgramsCPL**
+**ADMX_Programs/NoProgramsCPL**
@@ -281,7 +281,7 @@ ADMX Info:
This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View.
-
+
The Programs Control Panel allows users to uninstall, change, and repair programs, enable and disable Windows Features, set program defaults, view installed updates, and purchase software from Windows Marketplace. Programs published or assigned to the user by the system administrator also appear in the Programs Control Panel.
If this setting is disabled or not configured, the Programs Control Panel in Category View and Programs and Features in Classic View will be available to all users.
@@ -294,7 +294,7 @@ This setting doesn't prevent users from using other tools and methods to install
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the Programs Control Panel*
- GP name: *NoProgramsCPL*
- GP path: *Control Panel\Programs*
@@ -305,7 +305,7 @@ ADMX Info:
-**ADMX_Programs/NoWindowsFeatures**
+**ADMX_Programs/NoWindowsFeatures**
@@ -341,7 +341,7 @@ This setting doesn't prevent users from using other tools and methods to configu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide "Windows Features"*
- GP name: *NoWindowsFeatures*
- GP path: *Control Panel\Programs*
@@ -352,7 +352,7 @@ ADMX Info:
-**ADMX_Programs/NoWindowsMarketplace**
+**ADMX_Programs/NoWindowsMarketplace**
@@ -382,7 +382,7 @@ This setting prevents users from access the "Get new programs from Windows Marke
Windows Marketplace allows users to purchase and/or download various programs to their computer for installation.
-Enabling this feature doesn't prevent users from navigating to Windows Marketplace using other methods.
+Enabling this feature doesn't prevent users from navigating to Windows Marketplace using other methods.
If this feature is disabled or isn't configured, the "Get new programs from Windows Marketplace" task link will be available to all users.
@@ -393,7 +393,7 @@ If this feature is disabled or isn't configured, the "Get new programs from Wind
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide "Windows Marketplace"*
- GP name: *NoWindowsMarketplace*
- GP path: *Control Panel\Programs*
diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
index d5ba645c1e..3efeeafc81 100644
--- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
+++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_PushToInstall.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_PushToInstall
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_PushToInstall policies
+## ADMX_PushToInstall policies
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_PushToInstall/DisablePushToInstall**
+**ADMX_PushToInstall/DisablePushToInstall**
@@ -67,7 +67,7 @@ If you enable this setting, users will not be able to push Apps to this device f
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Push To Install service*
- GP name: *DisablePushToInstall*
- GP path: *Windows Components\Push To Install*
diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md
index bcfa2454cb..13a94d8fbf 100644
--- a/windows/client-management/mdm/policy-csp-admx-radar.md
+++ b/windows/client-management/mdm/policy-csp-admx-radar.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Radar.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/08/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_Radar
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Radar policies
+## ADMX_Radar policies
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_Radar/WdiScenarioExecutionPolicy**
+**ADMX_Radar/WdiScenarioExecutionPolicy**
@@ -62,16 +62,16 @@ manager: aaroncz
-This policy determines the execution level for Windows Resource Exhaustion Detection and Resolution.
+This policy determines the execution level for Windows Resource Exhaustion Detection and Resolution.
If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes.
-These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
+These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS.
-If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default.
-This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default.
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
No system restart or service restart is required for this policy to take effect; changes take effect immediately.
@@ -81,7 +81,7 @@ No system restart or service restart is required for this policy to take effect;
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Windows Resource Exhaustion Detection and Resolution*
diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md
index 08a42720fb..d6f224badc 100644
--- a/windows/client-management/mdm/policy-csp-admx-reliability.md
+++ b/windows/client-management/mdm/policy-csp-admx-reliability.md
@@ -4,8 +4,8 @@ description: Policy CSP - ADMX_Reliability
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_Reliability
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Reliability policies
+## ADMX_Reliability policies
@@ -44,7 +44,7 @@ manager: aaroncz
-**ADMX_Reliability/EE_EnablePersistentTimeStamp**
+**ADMX_Reliability/EE_EnablePersistentTimeStamp**
@@ -85,7 +85,7 @@ If you don't configure this policy setting, the Persistent System Timestamp is r
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Persistent Time Stamp*
- GP name: *EE_EnablePersistentTimeStamp*
- GP path: *System*
@@ -98,7 +98,7 @@ ADMX Info:
-**ADMX_Reliability/PCH_ReportShutdownEvents**
+**ADMX_Reliability/PCH_ReportShutdownEvents**
@@ -138,7 +138,7 @@ Also see the "Configure Error Reporting" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Report unplanned shutdown events*
- GP name: *PCH_ReportShutdownEvents*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -151,7 +151,7 @@ ADMX Info:
-**ADMX_Reliability/ShutdownEventTrackerStateFile**
+**ADMX_Reliability/ShutdownEventTrackerStateFile**
@@ -192,7 +192,7 @@ If you don't configure this policy setting, the default behavior for the System
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Activate Shutdown Event Tracker System State Data feature*
- GP name: *ShutdownEventTrackerStateFile*
- GP path: *System*
@@ -205,7 +205,7 @@ ADMX Info:
-**ADMX_Reliability/ShutdownReason**
+**ADMX_Reliability/ShutdownReason**
@@ -250,7 +250,7 @@ If you don't configure this policy setting, the default behavior for the Shutdow
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display Shutdown Event Tracker*
- GP name: *ShutdownReason*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
index 5d6a8d5676..bece2eb4d9 100644
--- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_RemoteAssistance.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/14/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_RemoteAssistance
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_RemoteAssistance policies
+## ADMX_RemoteAssistance policies
@@ -38,7 +38,7 @@ manager: aaroncz
-**ADMX_RemoteAssistance/RA_EncryptedTicketOnly**
+**ADMX_RemoteAssistance/RA_EncryptedTicketOnly**
@@ -76,7 +76,7 @@ If you don't configure this policy setting, users can configure this setting in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow only Windows Vista or later connections*
- GP name: *RA_EncryptedTicketOnly*
- GP path: *System\Remote Assistance*
@@ -87,7 +87,7 @@ ADMX Info:
-**ADMX_RemoteAssistance/RA_Optimize_Bandwidth**
+**ADMX_RemoteAssistance/RA_Optimize_Bandwidth**
@@ -141,7 +141,7 @@ If you don't configure this policy setting, application-based settings are used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on bandwidth optimization*
- GP name: *RA_Optimize_Bandwidth*
- GP path: *System\Remote Assistance*
diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
index f4f47dc890..13c9f54981 100644
--- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_RemovableStorage.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/10/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_RemovableStorage
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_RemovableStorage policies
+## ADMX_RemovableStorage policies
@@ -128,7 +128,7 @@ manager: aaroncz
-**ADMX_RemovableStorage/AccessRights_RebootTime_1**
+**ADMX_RemovableStorage/AccessRights_RebootTime_1**
@@ -167,7 +167,7 @@ If you disable or don't configure this setting, the operating system does not fo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time (in seconds) to force reboot*
- GP name: *AccessRights_RebootTime_1*
- GP path: *System\Removable Storage Access*
@@ -178,7 +178,7 @@ ADMX Info:
-**ADMX_RemovableStorage/AccessRights_RebootTime_2**
+**ADMX_RemovableStorage/AccessRights_RebootTime_2**
@@ -217,7 +217,7 @@ If you disable or don't configure this setting, the operating system does not fo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time (in seconds) to force reboot*
- GP name: *AccessRights_RebootTime_2*
- GP path: *System\Removable Storage Access*
@@ -228,7 +228,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2**
+**ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2**
@@ -264,7 +264,7 @@ If you disable or don't configure this policy setting, execute access is allowed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *CD and DVD: Deny execute access*
- GP name: *CDandDVD_DenyExecute_Access_2*
- GP path: *System\Removable Storage Access*
@@ -275,7 +275,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1**
+**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1**
@@ -310,7 +310,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *CD and DVD: Deny read access*
- GP name: *CDandDVD_DenyRead_Access_1*
- GP path: *System\Removable Storage Access*
@@ -321,7 +321,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2**
+**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2**
@@ -357,7 +357,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *CD and DVD: Deny read access*
- GP name: *CDandDVD_DenyRead_Access_2*
- GP path: *System\Removable Storage Access*
@@ -368,7 +368,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1**
+**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1**
@@ -404,7 +404,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *CD and DVD: Deny write access*
- GP name: *CDandDVD_DenyWrite_Access_1*
- GP path: *System\Removable Storage Access*
@@ -415,7 +415,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2**
+**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2**
@@ -451,7 +451,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *CD and DVD: Deny write access*
- GP name: *CDandDVD_DenyWrite_Access_2*
- GP path: *System\Removable Storage Access*
@@ -462,7 +462,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1**
+**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1**
@@ -498,7 +498,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom Classes: Deny read access*
- GP name: *CustomClasses_DenyRead_Access_1*
- GP path: *System\Removable Storage Access*
@@ -509,7 +509,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2**
+**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2**
@@ -545,7 +545,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom Classes: Deny read access*
- GP name: *CustomClasses_DenyRead_Access_2*
- GP path: *System\Removable Storage Access*
@@ -556,7 +556,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1**
+**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1**
@@ -592,7 +592,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom Classes: Deny write access*
- GP name: *CustomClasses_DenyWrite_Access_1*
- GP path: *System\Removable Storage Access*
@@ -602,7 +602,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2**
+**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2**
@@ -638,7 +638,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom Classes: Deny write access*
- GP name: *CustomClasses_DenyWrite_Access_2*
- GP path: *System\Removable Storage Access*
@@ -648,7 +648,7 @@ ADMX Info:
-**ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2**
+**ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2**
@@ -684,7 +684,7 @@ If you disable or don't configure this policy setting, execute access is allowed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Floppy Drives: Deny execute access*
- GP name: *FloppyDrives_DenyExecute_Access_2*
- GP path: *System\Removable Storage Access*
@@ -694,7 +694,7 @@ ADMX Info:
-**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1**
+**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1**
@@ -730,7 +730,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Floppy Drives: Deny read access*
- GP name: *FloppyDrives_DenyRead_Access_1*
- GP path: *System\Removable Storage Access*
@@ -740,7 +740,7 @@ ADMX Info:
-**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2**
+**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2**
@@ -776,7 +776,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Floppy Drives: Deny read access*
- GP name: *FloppyDrives_DenyRead_Access_2*
- GP path: *System\Removable Storage Access*
@@ -786,7 +786,7 @@ ADMX Info:
-**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1**
+**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1**
@@ -821,7 +821,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Floppy Drives: Deny write access*
- GP name: *FloppyDrives_DenyWrite_Access_1*
- GP path: *System\Removable Storage Access*
@@ -831,7 +831,7 @@ ADMX Info:
-**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2**
+**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2**
@@ -867,7 +867,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Floppy Drives: Deny write access*
- GP name: *FloppyDrives_DenyWrite_Access_2*
- GP path: *System\Removable Storage Access*
@@ -877,7 +877,7 @@ ADMX Info:
-**ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2**
+**ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2**
@@ -912,7 +912,7 @@ If you disable or don't configure this policy setting, execute access is allowed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Removable Disks: Deny execute access*
- GP name: *RemovableDisks_DenyExecute_Access_2*
- GP path: *System\Removable Storage Access*
@@ -922,7 +922,7 @@ ADMX Info:
-**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1**
+**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1**
@@ -958,7 +958,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Removable Disks: Deny read access*
- GP name: *RemovableDisks_DenyRead_Access_1*
- GP path: *System\Removable Storage Access*
@@ -968,7 +968,7 @@ ADMX Info:
-**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2**
+**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2**
@@ -1003,7 +1003,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Removable Disks: Deny read access*
- GP name: *RemovableDisks_DenyRead_Access_2*
- GP path: *System\Removable Storage Access*
@@ -1013,7 +1013,7 @@ ADMX Info:
-**ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1**
+**ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1**
@@ -1052,7 +1052,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Removable Disks: Deny write access*
- GP name: *RemovableDisks_DenyWrite_Access_1*
- GP path: *System\Removable Storage Access*
@@ -1062,7 +1062,7 @@ ADMX Info:
-**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1**
+**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1**
@@ -1100,7 +1100,7 @@ If you disable or don't configure this policy setting, write and read accesses a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *All Removable Storage classes: Deny all access*
- GP name: *RemovableStorageClasses_DenyAll_Access_1*
- GP path: *System\Removable Storage Access*
@@ -1110,7 +1110,7 @@ ADMX Info:
-**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2**
+**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2**
@@ -1136,7 +1136,7 @@ ADMX Info:
-Configure access to all removable storage classes.
+Configure access to all removable storage classes.
This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.
@@ -1148,7 +1148,7 @@ If you disable or don't configure this policy setting, write and read accesses a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *All Removable Storage classes: Deny all access*
- GP name: *RemovableStorageClasses_DenyAll_Access_2*
- GP path: *System\Removable Storage Access*
@@ -1158,7 +1158,7 @@ ADMX Info:
-**ADMX_RemovableStorage/Removable_Remote_Allow_Access**
+**ADMX_RemovableStorage/Removable_Remote_Allow_Access**
@@ -1194,7 +1194,7 @@ If you disable or don't configure this policy setting, remote users cannot open
-ADMX Info:
+ADMX Info:
- GP Friendly name: *All Removable Storage: Allow direct access in remote sessions*
- GP name: *Removable_Remote_Allow_Access*
- GP path: *System\Removable Storage Access*
@@ -1204,7 +1204,7 @@ ADMX Info:
-**ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2**
+**ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2**
@@ -1240,7 +1240,7 @@ If you disable or don't configure this policy setting, execute access is allowed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Tape Drives: Deny execute access*
- GP name: *TapeDrives_DenyExecute_Access_2*
- GP path: *System\Removable Storage Access*
@@ -1250,7 +1250,7 @@ ADMX Info:
-**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1**
+**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1**
@@ -1285,7 +1285,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Tape Drives: Deny read access*
- GP name: *TapeDrives_DenyRead_Access_1*
- GP path: *System\Removable Storage Access*
@@ -1295,7 +1295,7 @@ ADMX Info:
-**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2**
+**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2**
@@ -1331,7 +1331,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Tape Drives: Deny read access*
- GP name: *TapeDrives_DenyRead_Access_2*
- GP path: *System\Removable Storage Access*
@@ -1341,7 +1341,7 @@ ADMX Info:
-**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1**
+**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1**
@@ -1376,7 +1376,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Tape Drives: Deny write access*
- GP name: *TapeDrives_DenyWrite_Access_1*
- GP path: *System\Removable Storage Access*
@@ -1386,7 +1386,7 @@ ADMX Info:
-**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2**
+**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2**
@@ -1422,7 +1422,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Tape Drives: Deny write access*
- GP name: *TapeDrives_DenyWrite_Access_2*
- GP path: *System\Removable Storage Access*
@@ -1432,7 +1432,7 @@ ADMX Info:
-**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1**
+**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1**
@@ -1468,7 +1468,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *WPD Devices: Deny read access*
- GP name: *WPDDevices_DenyRead_Access_1*
- GP path: *System\Removable Storage Access*
@@ -1478,7 +1478,7 @@ ADMX Info:
-**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2**
+**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2**
@@ -1513,7 +1513,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *WPD Devices: Deny read access*
- GP name: *WPDDevices_DenyRead_Access_2*
- GP path: *System\Removable Storage Access*
@@ -1523,7 +1523,7 @@ ADMX Info:
-**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1**
+**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1**
@@ -1559,7 +1559,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *WPD Devices: Deny write access*
- GP name: *WPDDevices_DenyWrite_Access_1*
- GP path: *System\Removable Storage Access*
@@ -1569,7 +1569,7 @@ ADMX Info:
-**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2**
+**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2**
@@ -1605,7 +1605,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *WPD Devices: Deny write access*
- GP name: *WPDDevices_DenyWrite_Access_2*
- GP path: *System\Removable Storage Access*
diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md
index 6f085b0205..c2e8188d71 100644
--- a/windows/client-management/mdm/policy-csp-admx-rpc.md
+++ b/windows/client-management/mdm/policy-csp-admx-rpc.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_RPC.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/08/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_RPC
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_RPC policies
+## ADMX_RPC policies
@@ -44,7 +44,7 @@ manager: aaroncz
-**ADMX_RPC/RpcExtendedErrorInformation**
+**ADMX_RPC/RpcExtendedErrorInformation**
@@ -99,7 +99,7 @@ You must select an error response type from the folowing options in the drop-dow
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Propagate extended error information*
- GP name: *RpcExtendedErrorInformation*
- GP path: *System\Remote Procedure Call*
@@ -110,7 +110,7 @@ ADMX Info:
-**ADMX_RPC/RpcIgnoreDelegationFailure**
+**ADMX_RPC/RpcIgnoreDelegationFailure**
@@ -140,7 +140,7 @@ This policy setting controls whether the RPC Runtime ignores delegation failures
The constrained delegation model, introduced in Windows Server 2003, doesn't report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation.
-If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
+If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
If you don't configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
@@ -156,7 +156,7 @@ If you enable this policy setting, then:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ignore Delegation Failure*
- GP name: *RpcIgnoreDelegationFailure*
- GP path: *System\Remote Procedure Call*
@@ -168,7 +168,7 @@ ADMX Info:
-**ADMX_RPC/RpcMinimumHttpConnectionTimeout**
+**ADMX_RPC/RpcMinimumHttpConnectionTimeout**
@@ -194,7 +194,7 @@ ADMX Info:
-This policy setting controls the idle connection timeout for RPC/HTTP connections.
+This policy setting controls the idle connection timeout for RPC/HTTP connections.
This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases, RPC/HTTP clients may encounter errors because connections will be timed out faster than expected. Using this policy setting you can force the RPC Runtime and the RPC/HTTP Proxy to use a lower connection timeout.
@@ -215,7 +215,7 @@ If you enable this policy setting, and the IIS server running the RPC HTTP proxy
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Minimum Idle Connection Timeout for RPC/HTTP connections*
- GP name: *RpcMinimumHttpConnectionTimeout*
- GP path: *System\Remote Procedure Call*
@@ -226,7 +226,7 @@ ADMX Info:
-**ADMX_RPC/RpcStateInformation**
+**ADMX_RPC/RpcStateInformation**
@@ -256,13 +256,13 @@ This policy setting determines whether the RPC Runtime maintains RPC state infor
If you disable this policy setting, the RPC runtime defaults to "Auto2" level.
-If you don't configure this policy setting, the RPC defaults to "Auto2" level.
+If you don't configure this policy setting, the RPC defaults to "Auto2" level.
If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information from the following:
- "None" indicates that the system doesn't maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting isn't recommended for most installations.
- "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory.
-- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server.
+- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server.
- "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity.
- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it's recommended for use only while you're investigating an RPC problem.
@@ -274,7 +274,7 @@ If you enable this policy setting, you can use the drop-down box to determine wh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Maintain RPC Troubleshooting State Information*
- GP name: *RpcStateInformation*
- GP path: *System\Remote Procedure Call*
diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md
index fec515d046..8fb9f59bb0 100644
--- a/windows/client-management/mdm/policy-csp-admx-scripts.md
+++ b/windows/client-management/mdm/policy-csp-admx-scripts.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Scripts.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/17/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_Scripts
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Scripts policies
+## ADMX_Scripts policies
@@ -68,7 +68,7 @@ manager: aaroncz
-**ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled**
+**ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled**
@@ -104,7 +104,7 @@ If you disable or don't configure this policy setting, user account cross-forest
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow logon scripts when NetBIOS or WINS is disabled*
- GP name: *Allow_Logon_Script_NetbiosDisabled*
- GP path: *System\Scripts*
@@ -115,7 +115,7 @@ ADMX Info:
-**ADMX_Scripts/MaxGPOScriptWaitPolicy**
+**ADMX_Scripts/MaxGPOScriptWaitPolicy**
@@ -141,13 +141,13 @@ ADMX Info:
-This policy setting determines how long the system waits for scripts applied by Group Policy to run.
+This policy setting determines how long the system waits for scripts applied by Group Policy to run.
This setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts haven't finished running when the specified time expires, the system stops script processing and records an error event.
-If you enable this setting, then, in the Seconds box, you can type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0.
+If you enable this setting, then, in the Seconds box, you can type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0.
-This interval is important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" setting to direct the system to wait for the logon scripts to complete before loading the desktop.
+This interval is important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" setting to direct the system to wait for the logon scripts to complete before loading the desktop.
An excessively long interval can delay the system and cause inconvenience to users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely.
@@ -157,7 +157,7 @@ If you disable or don't configure this setting, the system lets the combined set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify maximum wait time for Group Policy scripts*
- GP name: *MaxGPOScriptWaitPolicy*
- GP path: *System\Scripts*
@@ -168,7 +168,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Computer_PS_Scripts_First**
+**ADMX_Scripts/Run_Computer_PS_Scripts_First**
@@ -194,25 +194,25 @@ ADMX Info:
-This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
-
-If you enable this policy setting, within each applicable Group Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown.
+This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
-For example, assume the following scenario:
+If you enable this policy setting, within each applicable Group Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown.
-There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A.
+For example, assume the following scenario:
+
+There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A.
GPO B and GPO C include the following computer startup scripts:
- GPO B: B.cmd, B.ps1
- GPO C: C.cmd, C.ps1
-Assume also that there are two computers, DesktopIT and DesktopSales.
+Assume also that there are two computers, DesktopIT and DesktopSales.
For DesktopIT, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for DesktopIT:
- Within GPO B: B.ps1, B.cmd
- Within GPO C: C.ps1, C.cmd
-
+
For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for DesktopSales:
- Within GPO B: B.cmd, B.ps1
@@ -227,7 +227,7 @@ For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the script
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run Windows PowerShell scripts first at computer startup, shutdown*
- GP name: *Run_Computer_PS_Scripts_First*
- GP path: *System\Scripts*
@@ -238,7 +238,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Legacy_Logon_Script_Hidden**
+**ADMX_Scripts/Run_Legacy_Logon_Script_Hidden**
@@ -264,7 +264,7 @@ ADMX Info:
-This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier.
+This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier.
Logon scripts are batch files of instructions that run when the user logs on. By default, Windows displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it doesn't display logon scripts written for Windows.
@@ -278,7 +278,7 @@ Also, see the "Run Logon Scripts Visible" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run legacy logon scripts hidden*
- GP name: *Run_Legacy_Logon_Script_Hidden*
- GP path: *System\Scripts*
@@ -289,7 +289,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Logoff_Script_Visible**
+**ADMX_Scripts/Run_Logoff_Script_Visible**
@@ -327,7 +327,7 @@ If you disable or don't configure this policy setting, the instructions are supp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display instructions in logoff scripts as they run*
- GP name: *Run_Logoff_Script_Visible*
- GP path: *System\Scripts*
@@ -338,7 +338,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Logon_Script_Sync_1**
+**ADMX_Scripts/Run_Logon_Script_Sync_1**
@@ -376,7 +376,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run logon scripts synchronously*
- GP name: *Run_Logon_Script_Sync_1*
- GP path: *System\Scripts*
@@ -387,7 +387,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Logon_Script_Sync_2**
+**ADMX_Scripts/Run_Logon_Script_Sync_2**
@@ -425,7 +425,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run logon scripts synchronously*
- GP name: *Run_Logon_Script_Sync_2*
- GP path: *System\Scripts*
@@ -436,7 +436,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Logon_Script_Visible**
+**ADMX_Scripts/Run_Logon_Script_Visible**
@@ -474,7 +474,7 @@ If you disable or don't configure this policy setting, the instructions are supp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display instructions in logon scripts as they run*
- GP name: *Run_Logon_Script_Visible*
- GP path: *System\Scripts*
@@ -485,7 +485,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Shutdown_Script_Visible**
+**ADMX_Scripts/Run_Shutdown_Script_Visible**
@@ -523,7 +523,7 @@ If you disable or don't configure this policy setting, the instructions are supp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display instructions in shutdown scripts as they run*
- GP name: *Run_Shutdown_Script_Visible*
- GP path: *System\Scripts*
@@ -534,7 +534,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Startup_Script_Sync**
+**ADMX_Scripts/Run_Startup_Script_Sync**
@@ -575,7 +575,7 @@ If you disable or don't configure this policy setting, a startup can't run until
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run startup scripts asynchronously*
- GP name: *Run_Startup_Script_Sync*
- GP path: *System\Scripts*
@@ -586,7 +586,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Startup_Script_Visible**
+**ADMX_Scripts/Run_Startup_Script_Visible**
@@ -627,7 +627,7 @@ If you disable or don't configure this policy setting, the instructions are supp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display instructions in startup scripts as they run*
- GP name: *Run_Startup_Script_Visible*
- GP path: *System\Scripts*
@@ -638,7 +638,7 @@ ADMX Info:
-**ADMX_Scripts/Run_User_PS_Scripts_First**
+**ADMX_Scripts/Run_User_PS_Scripts_First**
@@ -665,25 +665,25 @@ ADMX Info:
-This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user sign in and sign out. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
-
-If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user sign in and sign out.
+This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user sign in and sign out. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
-For example, assume the following scenario:
+If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user sign in and sign out.
-There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A.
+For example, assume the following scenario:
+
+There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A.
GPO B and GPO C include the following user logon scripts:
- GPO B: B.cmd, B.ps1
- GPO C: C.cmd, C.ps1
-Assume also that there are two users, Qin Hong and Tamara Johnston.
+Assume also that there are two users, Qin Hong and Tamara Johnston.
For Qin, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin:
- Within GPO B: B.ps1, B.cmd
- Within GPO C: C.ps1, C.cmd
-
+
For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for Tamara:
- Within GPO B: B.cmd, B.ps1
@@ -700,7 +700,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run Windows PowerShell scripts first at user logon, logoff*
- GP name: *Run_User_PS_Scripts_First*
- GP path: *System\Scripts*
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
index 354380bdd2..98532868c7 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_sdiageng.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_sdiageng
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_sdiageng policies
+## ADMX_sdiageng policies
@@ -41,7 +41,7 @@ manager: aaroncz
-**ADMX_sdiageng/BetterWhenConnected**
+**ADMX_sdiageng/BetterWhenConnected**
@@ -77,7 +77,7 @@ If you disable this policy setting, users can only access and search troubleshoo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)*
- GP name: *BetterWhenConnected*
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
@@ -88,7 +88,7 @@ ADMX Info:
-**ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy**
+**ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy**
@@ -127,7 +127,7 @@ If this policy setting is disabled, the users cannot access or run the troublesh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Troubleshooting: Allow users to access and run Troubleshooting Wizards*
- GP name: *ScriptedDiagnosticsExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
@@ -138,7 +138,7 @@ ADMX Info:
-**ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy**
+**ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy**
@@ -174,7 +174,7 @@ If you disable or don't configure this policy setting, the scripted diagnostics
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Security Policy for Scripted Diagnostics*
- GP name: *ScriptedDiagnosticsSecurityPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
index 84cea15e19..6de574029e 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_sdiagschd.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/17/2020
ms.reviewer:
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_sdiagschd policies
+## ADMX_sdiagschd policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy**
+**ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy**
@@ -62,21 +62,21 @@ manager: aaroncz
-This policy determines whether scheduled diagnostics will run to proactively detect and resolve system problems.
+This policy determines whether scheduled diagnostics will run to proactively detect and resolve system problems.
If you enable this policy setting, you must choose an execution level from the following:
-- If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution.
-- If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input.
+- If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution.
+- If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input.
-If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis.
+If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis.
If you don't configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default. No reboots or service restarts are required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics won't be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scheduled Maintenance Behavior*
- GP name: *ScheduledDiagnosticsExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Scheduled Maintenance*
diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
index 66efb88c7f..e223bafce2 100644
--- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Securitycenter.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_Securitycenter
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Securitycenter policies
+## ADMX_Securitycenter policies
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain**
+**ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain**
@@ -61,15 +61,15 @@ manager: aaroncz
-This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk.
+This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk.
-The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed.
+The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed.
Security Center can only be turned off for computers that are joined to a Windows domain. When a computer isn't joined to a Windows domain, the policy setting will have no effect.
-If you don't configure this policy setting, the Security Center is turned off for domain members.
+If you don't configure this policy setting, the Security Center is turned off for domain members.
-If you enable this policy setting, Security Center is turned on for all users.
+If you enable this policy setting, Security Center is turned on for all users.
If you disable this policy setting, Security Center is turned off for domain members.
@@ -78,7 +78,7 @@ If you disable this policy setting, Security Center is turned off for domain mem
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Security Center (Domain PCs only)*
- GP name: *SecurityCenter_SecurityCenterInDomain*
- GP path: *Windows Components\Security Center*
diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md
index 37049367dc..95bffd5ac9 100644
--- a/windows/client-management/mdm/policy-csp-admx-sensors.md
+++ b/windows/client-management/mdm/policy-csp-admx-sensors.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Sensors.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 10/22/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_Sensors
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Sensors policies
+## ADMX_Sensors policies
@@ -47,7 +47,7 @@ manager: aaroncz
-**ADMX_Sensors/DisableLocationScripting_1**
+**ADMX_Sensors/DisableLocationScripting_1**
@@ -83,7 +83,7 @@ If you disable or don't configure this policy setting, all location scripts will
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off location scripting*
- GP name: *DisableLocationScripting_1*
- GP path: *Windows Components\Location and Sensors*
@@ -94,7 +94,7 @@ ADMX Info:
-**ADMX_Sensors/DisableLocationScripting_2**
+**ADMX_Sensors/DisableLocationScripting_2**
@@ -130,7 +130,7 @@ If you disable or don't configure this policy setting, all location scripts will
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off location scripting*
- GP name: *DisableLocationScripting_2*
- GP path: *Windows Components\Location and Sensors*
@@ -141,7 +141,7 @@ ADMX Info:
-**ADMX_Sensors/DisableLocation_1**
+**ADMX_Sensors/DisableLocation_1**
@@ -177,7 +177,7 @@ If you disable or don't configure this policy setting, all programs on this comp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off location*
- GP name: *DisableLocation_1*
- GP path: *Windows Components\Location and Sensors*
@@ -188,7 +188,7 @@ ADMX Info:
-**ADMX_Sensors/DisableSensors_1**
+**ADMX_Sensors/DisableSensors_1**
@@ -224,7 +224,7 @@ If you disable or don't configure this policy setting, all programs on this comp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off sensors*
- GP name: *DisableSensors_1*
- GP path: *Windows Components\Location and Sensors*
@@ -235,7 +235,7 @@ ADMX Info:
-**ADMX_Sensors/DisableSensors_2**
+**ADMX_Sensors/DisableSensors_2**
@@ -271,7 +271,7 @@ If you disable or don't configure this policy setting, all programs on this comp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off sensors*
- GP name: *DisableSensors_2*
- GP path: *Windows Components\Location and Sensors*
diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md
index 2f5de5c9a8..24b6080943 100644
--- a/windows/client-management/mdm/policy-csp-admx-servermanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_ServerManager.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_ServerManager policies
+## ADMX_ServerManager policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_ServerManager/Do_not_display_Manage_Your_Server_page**
+**ADMX_ServerManager/Do_not_display_Manage_Your_Server_page**
@@ -71,13 +71,13 @@ manager: aaroncz
-This policy setting allows you to turn off the automatic display of Server Manager at sign in.
+This policy setting allows you to turn off the automatic display of Server Manager at sign in.
-If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server.
+If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server.
-If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server.
+If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server.
-If you don't configure this policy setting, Server Manager is displayed when a user signs in to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or “Do not start Server Manager automatically at logon” (Windows Server 2012) option is selected, the console isn't displayed automatically at a sign in.
+If you don't configure this policy setting, Server Manager is displayed when a user signs in to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or “Do not start Server Manager automatically at logon” (Windows Server 2012) option is selected, the console isn't displayed automatically at a sign in.
> [!NOTE]
> Regardless of the status of this policy setting, Server Manager is available from the Start menu or the Windows taskbar.
@@ -86,7 +86,7 @@ If you don't configure this policy setting, Server Manager is displayed when a u
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display Server Manager automatically at logon*
- GP name: *Do_not_display_Manage_Your_Server_page*
- GP path: *System\Server Manager*
@@ -98,7 +98,7 @@ ADMX Info:
-**ADMX_ServerManager/ServerManagerAutoRefreshRate**
+**ADMX_ServerManager/ServerManagerAutoRefreshRate**
@@ -124,11 +124,11 @@ ADMX Info:
-This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with updated information about which roles and features are installed on servers that you're managing by using Server Manager. Server Manager also monitors the status of roles and features installed on managed servers.
+This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with updated information about which roles and features are installed on servers that you're managing by using Server Manager. Server Manager also monitors the status of roles and features installed on managed servers.
-- If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting instead of the “Configure Refresh Interval” setting (in Windows Server 2008 and Windows Server 2008 R2), or the “Refresh the data shown in Server Manager every [x] [minutes/hours/days]” setting (in Windows Server 2012) that is configured in the Server Manager console.
+- If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting instead of the “Configure Refresh Interval” setting (in Windows Server 2008 and Windows Server 2008 R2), or the “Refresh the data shown in Server Manager every [x] [minutes/hours/days]” setting (in Windows Server 2012) that is configured in the Server Manager console.
-- If you disable this policy setting, Server Manager doesn't refresh automatically. If you don't configure this policy setting, Server Manager uses the refresh interval settings that are specified in the Server Manager console.
+- If you disable this policy setting, Server Manager doesn't refresh automatically. If you don't configure this policy setting, Server Manager uses the refresh interval settings that are specified in the Server Manager console.
> [!NOTE]
> The default refresh interval for Server Manager is two minutes in Windows Server 2008 and Windows Server 2008 R2, or 10 minutes in Windows Server 2012.
@@ -138,7 +138,7 @@ This policy setting allows you to set the refresh interval for Server Manager. E
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the refresh interval for Server Manager*
- GP name: *ServerManagerAutoRefreshRate*
- GP path: *System\Server Manager*
@@ -149,7 +149,7 @@ ADMX Info:
-**ADMX_ServerManager/DoNotLaunchInitialConfigurationTasks**
+**ADMX_ServerManager/DoNotLaunchInitialConfigurationTasks**
@@ -175,9 +175,9 @@ ADMX Info:
-This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at a sign in on Windows Server 2008 and Windows Server 2008 R2.
+This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at a sign in on Windows Server 2008 and Windows Server 2008 R2.
-If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server.
+If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server.
If you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server.
@@ -187,7 +187,7 @@ If you don't configure this policy setting, the Initial Configuration Tasks wind
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display Initial Configuration Tasks window automatically at logon*
- GP name: *DoNotLaunchInitialConfigurationTasks*
- GP path: *System\Server Manager*
@@ -198,7 +198,7 @@ ADMX Info:
-**ADMX_ServerManager/DoNotLaunchServerManager**
+**ADMX_ServerManager/DoNotLaunchServerManager**
@@ -224,11 +224,11 @@ ADMX Info:
-This policy setting allows you to turn off the automatic display of the Manage Your Server page.
+This policy setting allows you to turn off the automatic display of the Manage Your Server page.
-- If you enable this policy setting, the Manage Your Server page isn't displayed each time an administrator signs in to the server.
+- If you enable this policy setting, the Manage Your Server page isn't displayed each time an administrator signs in to the server.
-- If you disable or don't configure this policy setting, the Manage Your Server page is displayed each time an administrator signs in to the server.
+- If you disable or don't configure this policy setting, the Manage Your Server page is displayed each time an administrator signs in to the server.
However, if the administrator has selected the "Don’t display this page at logon" option at the bottom of the Manage Your Server page, the page isn't displayed.
@@ -236,7 +236,7 @@ However, if the administrator has selected the "Don’t display this page at log
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display Manage Your Server page at logon*
- GP name: *DoNotLaunchServerManager*
- GP path: *System\Server Manager*
diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md
index 07ca3a013c..719e360bac 100644
--- a/windows/client-management/mdm/policy-csp-admx-servicing.md
+++ b/windows/client-management/mdm/policy-csp-admx-servicing.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Servicing.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
@@ -18,7 +18,7 @@ manager: aaroncz
-## ADMX_Servicing policies
+## ADMX_Servicing policies
@@ -30,7 +30,7 @@ manager: aaroncz
-**ADMX_Servicing/Servicing**
+**ADMX_Servicing/Servicing**
@@ -58,7 +58,7 @@ manager: aaroncz
This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed.
-If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the "Alternate source file path" text box. Multiple locations can be specified when each path is separated by a semicolon.
+If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the "Alternate source file path" text box. Multiple locations can be specified when each path is separated by a semicolon.
The network location can be either a folder, or a WIM file. If it's a WIM file, the location should be specified by prefixing the path with “wim:” and include the index of the image to use in the WIM file, for example, “wim:\\server\share\install.wim:3”.
@@ -68,7 +68,7 @@ If you disable or don't configure this policy setting, or if the required files
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify settings for optional component installation and component repair*
- GP name: *Servicing*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md
index c68630eec1..116e79b9a4 100644
--- a/windows/client-management/mdm/policy-csp-admx-settingsync.md
+++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_SettingSync.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_SettingSync
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_SettingSync policies
+## ADMX_SettingSync policies
@@ -59,7 +59,7 @@ manager: aaroncz
-**ADMX_SettingSync/DisableAppSyncSettingSync**
+**ADMX_SettingSync/DisableAppSyncSettingSync**
@@ -97,7 +97,7 @@ If you don't set or disable this setting, syncing of the "AppSync" group is on b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync Apps*
- GP name: *DisableAppSyncSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -108,7 +108,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableApplicationSettingSync**
+**ADMX_SettingSync/DisableApplicationSettingSync**
@@ -146,7 +146,7 @@ If you don't set or disable this setting, syncing of the "app settings" group is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync app settings*
- GP name: *DisableApplicationSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -157,7 +157,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableCredentialsSettingSync**
+**ADMX_SettingSync/DisableCredentialsSettingSync**
@@ -195,7 +195,7 @@ If you don't set or disable this setting, syncing of the "passwords" group is on
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync passwords*
- GP name: *DisableCredentialsSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -206,7 +206,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableDesktopThemeSettingSync**
+**ADMX_SettingSync/DisableDesktopThemeSettingSync**
@@ -244,7 +244,7 @@ If you don't set or disable this setting, syncing of the "desktop personalizatio
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync desktop personalization*
- GP name: *DisableDesktopThemeSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -255,7 +255,7 @@ ADMX Info:
-**ADMX_SettingSync/DisablePersonalizationSettingSync**
+**ADMX_SettingSync/DisablePersonalizationSettingSync**
@@ -293,7 +293,7 @@ If you don't set or disable this setting, syncing of the "personalize" group is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync personalize*
- GP name: *DisablePersonalizationSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -304,7 +304,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableSettingSync**
+**ADMX_SettingSync/DisableSettingSync**
@@ -342,7 +342,7 @@ If you don't set or disable this setting, "sync your settings" is on by default
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync*
- GP name: *DisableSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -353,7 +353,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableStartLayoutSettingSync**
+**ADMX_SettingSync/DisableStartLayoutSettingSync**
@@ -391,7 +391,7 @@ If you don't set or disable this setting, syncing of the "Start layout" group is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync start settings*
- GP name: *DisableStartLayoutSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -402,7 +402,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableSyncOnPaidNetwork**
+**ADMX_SettingSync/DisableSyncOnPaidNetwork**
@@ -438,7 +438,7 @@ If you don't set or disable this setting, syncing on metered connections is conf
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync on metered connections*
- GP name: *DisableSyncOnPaidNetwork*
- GP path: *Windows Components\Sync your settings*
@@ -449,7 +449,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableWindowsSettingSync**
+**ADMX_SettingSync/DisableWindowsSettingSync**
@@ -487,7 +487,7 @@ If you don't set or disable this setting, syncing of the "Other Windows settings
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync other Windows settings*
- GP name: *DisableWindowsSettingSync*
- GP path: *Windows Components\Sync your settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
index a018d51a65..1aa619b1dc 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_SharedFolders.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/21/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_SharedFolders
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_SharedFolders policies
+## ADMX_SharedFolders policies
@@ -37,7 +37,7 @@ manager: aaroncz
-**ADMX_SharedFolders/PublishDfsRoots**
+**ADMX_SharedFolders/PublishDfsRoots**
@@ -67,7 +67,7 @@ This policy setting determines whether the user can publish DFS roots in Active
If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS .
-If you disable this policy setting, users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled.
+If you disable this policy setting, users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled.
> [!NOTE]
> The default is to allow shared folders to be published when this setting is not configured.
@@ -76,7 +76,7 @@ If you disable this policy setting, users cannot publish DFS roots in AD DS and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow DFS roots to be published*
- GP name: *PublishDfsRoots*
- GP path: *Shared Folders*
@@ -88,7 +88,7 @@ ADMX Info:
-**ADMX_SharedFolders/PublishSharedFolders**
+**ADMX_SharedFolders/PublishSharedFolders**
@@ -118,7 +118,7 @@ This policy setting determines whether the user can publish shared folders in Ac
If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS.
-If you disable this policy setting, users can't publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled.
+If you disable this policy setting, users can't publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled.
> [!NOTE]
> The default is to allow shared folders to be published when this setting is not configured.
@@ -127,7 +127,7 @@ If you disable this policy setting, users can't publish shared folders in AD DS,
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow shared folders to be published*
- GP name: *PublishSharedFolders*
- GP path: *Shared Folders*
diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md
index 77f8afb7f8..7b02e8d272 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharing.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharing.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Sharing.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/21/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_Sharing
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Sharing policies
+## ADMX_Sharing policies
@@ -34,7 +34,7 @@ manager: aaroncz
-**ADMX_Sharing/NoInplaceSharing**
+**ADMX_Sharing/NoInplaceSharing**
@@ -70,7 +70,7 @@ If you disable or don't configure this policy setting, users can share files out
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from sharing files within their profile.*
- GP name: *NoInplaceSharing*
- GP path: *Windows Components\Network Sharing*
diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
index fa6a4ebe37..0329365c45 100644
--- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
+++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_ShellCommandPromptRegEditTools.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_ShellCommandPromptRegEditTools policies
+## ADMX_ShellCommandPromptRegEditTools policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_ShellCommandPromptRegEditTools/DisallowApps**
+**ADMX_ShellCommandPromptRegEditTools/DisallowApps**
@@ -72,13 +72,13 @@ manager: aaroncz
This policy setting prevents users from running the interactive command prompt `Cmd.exe`.
-
+
This policy setting also determines whether batch files (.cmd and .bat) can run on the computer.
-If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. .
+If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. .
+
+If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally.
-If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally.
-
> [!NOTE]
> Don't prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services.
@@ -87,7 +87,7 @@ If you disable this policy setting or don't configure it, users can run Cmd.exe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent access to the command prompt*
- GP name: *DisallowApps*
- GP path: *System*
@@ -99,7 +99,7 @@ ADMX Info:
-**ADMX_ShellCommandPromptRegEditTools/DisableRegedit**
+**ADMX_ShellCommandPromptRegEditTools/DisableRegedit**
@@ -125,11 +125,11 @@ ADMX Info:
-This policy setting disables the Windows registry editor `Regedit.exe`.
+This policy setting disables the Windows registry editor `Regedit.exe`.
-If you enable this policy setting and the user tries to start `Regedit.exe`, a message appears explaining that a policy setting prevents the action.
+If you enable this policy setting and the user tries to start `Regedit.exe`, a message appears explaining that a policy setting prevents the action.
-If you disable this policy setting or don't configure it, users can run `Regedit.exe` normally.
+If you disable this policy setting or don't configure it, users can run `Regedit.exe` normally.
To prevent users from using other administrative tools, use the "Run only specified Windows applications" policy setting.
@@ -137,7 +137,7 @@ To prevent users from using other administrative tools, use the "Run only specif
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent access to registry editing tools*
- GP name: *DisableRegedit*
- GP path: *System\Server Manager*
@@ -148,7 +148,7 @@ ADMX Info:
-**ADMX_ShellCommandPromptRegEditTools/DisableCMD**
+**ADMX_ShellCommandPromptRegEditTools/DisableCMD**
@@ -174,15 +174,15 @@ ADMX Info:
-This policy setting limits the Windows programs that users have permission to run on the computer.
+This policy setting limits the Windows programs that users have permission to run on the computer.
-If you enable this policy setting, users can only run programs that you add to the list of allowed applications.
+If you enable this policy setting, users can only run programs that you add to the list of allowed applications.
If you disable this policy setting or don't configure it, users can run all applications. This policy setting only prevents users from running programs that are started by the File Explorer process.
-It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes. Also, if users have access to the command prompt `Cmd.exe`, this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
+It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes. Also, if users have access to the command prompt `Cmd.exe`, this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
-Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
+Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe).
@@ -190,7 +190,7 @@ To create a list of allowed applications, click Show. In the Show Contents dial
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run only specified Windows applications*
- GP name: *DisableCMD*
- GP path: *System*
@@ -201,7 +201,7 @@ ADMX Info:
-**ADMX_ShellCommandPromptRegEditTools/RestrictApps**
+**ADMX_ShellCommandPromptRegEditTools/RestrictApps**
@@ -227,13 +227,13 @@ ADMX Info:
-This policy setting prevents Windows from running the programs you specify in this policy setting.
+This policy setting prevents Windows from running the programs you specify in this policy setting.
-If you enable this policy setting, users can't run programs that you add to the list of disallowed applications.
+If you enable this policy setting, users can't run programs that you add to the list of disallowed applications.
-If you disable this policy setting or don't configure it, users can run any programs.
+If you disable this policy setting or don't configure it, users can run any programs.
-This policy setting only prevents users from running programs that are started by the File Explorer process. It doesn't prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
+This policy setting only prevents users from running programs that are started by the File Explorer process. It doesn't prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
@@ -244,7 +244,7 @@ To create a list of allowed applications, click Show. In the Show Contents dialo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Don't run specified Windows applications*
- GP name: *RestrictApps*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md
index 8145f4e15f..859415fe2f 100644
--- a/windows/client-management/mdm/policy-csp-admx-smartcard.md
+++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Smartcard.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/23/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_Smartcard
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Smartcard policies
+## ADMX_Smartcard policies
@@ -80,7 +80,7 @@ manager: aaroncz
-**ADMX_Smartcard/AllowCertificatesWithNoEKU**
+**ADMX_Smartcard/AllowCertificatesWithNoEKU**
@@ -122,7 +122,7 @@ If you disable or don't configure this policy setting, only certificates that co
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow certificates with no extended key usage certificate attribute*
- GP name: *AllowCertificatesWithNoEKU*
- GP path: *Windows Components\Smart Card*
@@ -133,7 +133,7 @@ ADMX Info:
-**ADMX_Smartcard/AllowIntegratedUnblock**
+**ADMX_Smartcard/AllowIntegratedUnblock**
@@ -171,7 +171,7 @@ If you disable or don't configure this policy setting then the integrated unbloc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow Integrated Unblock screen to be displayed at the time of logon*
- GP name: *AllowIntegratedUnblock*
- GP path: *Windows Components\Smart Card*
@@ -182,7 +182,7 @@ ADMX Info:
-**ADMX_Smartcard/AllowSignatureOnlyKeys**
+**ADMX_Smartcard/AllowSignatureOnlyKeys**
@@ -218,7 +218,7 @@ If you disable or don't configure this policy setting, any available smart card
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow signature keys valid for Logon*
- GP name: *AllowSignatureOnlyKeys*
- GP path: *Windows Components\Smart Card*
@@ -229,7 +229,7 @@ ADMX Info:
-**ADMX_Smartcard/AllowTimeInvalidCertificates**
+**ADMX_Smartcard/AllowTimeInvalidCertificates**
@@ -257,7 +257,7 @@ ADMX Info:
This policy setting permits those certificates to be displayed for a sign-in, which are either expired or not yet valid.
-Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls displaying of the certificate on the client machine.
+Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls displaying of the certificate on the client machine.
If you enable this policy setting, certificates will be listed on the sign-in screen regardless of whether they have an invalid time or their time validity has expired.
@@ -267,7 +267,7 @@ If you disable or don't configure this policy setting, certificates that are exp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow time invalid certificates*
- GP name: *AllowTimeInvalidCertificates*
- GP path: *Windows Components\Smart Card*
@@ -278,7 +278,7 @@ ADMX Info:
-**ADMX_Smartcard/CertPropEnabledString**
+**ADMX_Smartcard/CertPropEnabledString**
@@ -314,7 +314,7 @@ If you disable this policy setting, certificate propagation won't occur and the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on certificate propagation from smart card*
- GP name: *CertPropEnabledString*
- GP path: *Windows Components\Smart Card*
@@ -325,7 +325,7 @@ ADMX Info:
-**ADMX_Smartcard/CertPropRootCleanupString**
+**ADMX_Smartcard/CertPropRootCleanupString**
@@ -351,9 +351,9 @@ ADMX Info:
-This policy setting allows you to manage the cleanup behavior of root certificates.
+This policy setting allows you to manage the cleanup behavior of root certificates.
-If you enable this policy setting, then root certificate cleanup will occur according to the option selected.
+If you enable this policy setting, then root certificate cleanup will occur according to the option selected.
If you disable or don't configure this setting then root certificate cleanup will occur on a sign out.
@@ -361,7 +361,7 @@ If you disable or don't configure this setting then root certificate cleanup wil
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure root certificate clean up*
- GP name: *CertPropRootCleanupString*
- GP path: *Windows Components\Smart Card*
@@ -372,7 +372,7 @@ ADMX Info:
-**ADMX_Smartcard/CertPropRootEnabledString**
+**ADMX_Smartcard/CertPropRootEnabledString**
@@ -411,7 +411,7 @@ If you disable this policy setting, then root certificates won't be propagated f
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on root certificate propagation from smart card*
- GP name: *CertPropRootEnabledString*
- GP path: *Windows Components\Smart Card*
@@ -422,7 +422,7 @@ ADMX Info:
-**ADMX_Smartcard/DisallowPlaintextPin**
+**ADMX_Smartcard/DisallowPlaintextPin**
@@ -448,9 +448,9 @@ ADMX Info:
-This policy setting prevents plaintext PINs from being returned by Credential Manager.
+This policy setting prevents plaintext PINs from being returned by Credential Manager.
-If you enable this policy setting, Credential Manager doesn't return a plaintext PIN.
+If you enable this policy setting, Credential Manager doesn't return a plaintext PIN.
If you disable or don't configure this policy setting, plaintext PINs can be returned by Credential Manager.
@@ -461,7 +461,7 @@ If you disable or don't configure this policy setting, plaintext PINs can be ret
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent plaintext PINs from being returned by Credential Manager*
- GP name: *DisallowPlaintextPin*
- GP path: *Windows Components\Smart Card*
@@ -472,7 +472,7 @@ ADMX Info:
-**ADMX_Smartcard/EnumerateECCCerts**
+**ADMX_Smartcard/EnumerateECCCerts**
@@ -505,14 +505,14 @@ If you enable this policy setting, ECC certificates on a smart card can be used
If you disable or don't configure this policy setting, ECC certificates on a smart card can't be used to sign in to a domain.
> [!NOTE]
-> This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting.
+> This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting.
> If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow ECC certificates to be used for logon and authentication*
- GP name: *EnumerateECCCerts*
- GP path: *Windows Components\Smart Card*
@@ -523,7 +523,7 @@ ADMX Info:
-**ADMX_Smartcard/FilterDuplicateCerts**
+**ADMX_Smartcard/FilterDuplicateCerts**
@@ -553,7 +553,7 @@ This policy setting lets you configure if all your valid logon certificates are
During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This scenario can cause confusion as to which certificate to select for a sign in. The common case for this behavior is when a certificate is renewed and the old one hasn't yet expired. Two certificates are determined to be the same if they're issued from the same template with the same major version and they're for the same user (determined by their UPN).
-If there are two or more of the "same" certificate on a smart card and this policy is enabled, then the certificate that is used for a sign in on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown.
+If there are two or more of the "same" certificate on a smart card and this policy is enabled, then the certificate that is used for a sign in on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown.
> [!NOTE]
> This setting will be applied after this policy: "Allow time invalid certificates"
@@ -566,7 +566,7 @@ If you disable this policy setting, no filtering will take place.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Filter duplicate logon certificates*
- GP name: *FilterDuplicateCerts*
- GP path: *Windows Components\Smart Card*
@@ -577,7 +577,7 @@ ADMX Info:
-**ADMX_Smartcard/ForceReadingAllCertificates**
+**ADMX_Smartcard/ForceReadingAllCertificates**
@@ -615,7 +615,7 @@ If you disable or don't configure this setting, Windows will only attempt to rea
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force the reading of all certificates from the smart card*
- GP name: *ForceReadingAllCertificates*
- GP path: *Windows Components\Smart Card*
@@ -626,7 +626,7 @@ ADMX Info:
-**ADMX_Smartcard/IntegratedUnblockPromptString**
+**ADMX_Smartcard/IntegratedUnblockPromptString**
@@ -654,7 +654,7 @@ ADMX Info:
This policy setting allows you to manage the displayed message when a smart card is blocked.
-If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked.
+If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked.
> [!NOTE]
> The following policy setting must be enabled: "Allow Integrated Unblock screen to be displayed at the time of logon".
@@ -665,7 +665,7 @@ If you disable or don't configure this policy setting, the default message will
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display string when smart card is blocked*
- GP name: *IntegratedUnblockPromptString*
- GP path: *Windows Components\Smart Card*
@@ -676,7 +676,7 @@ ADMX Info:
-**ADMX_Smartcard/ReverseSubject**
+**ADMX_Smartcard/ReverseSubject**
@@ -702,11 +702,11 @@ ADMX Info:
-This policy setting lets you reverse the subject name from how it's stored in the certificate when displaying it during a sign in.
+This policy setting lets you reverse the subject name from how it's stored in the certificate when displaying it during a sign in.
By default the User Principal Name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN isn't present, then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization.
-If you enable this policy setting or don't configure this setting, then the subject name will be reversed.
+If you enable this policy setting or don't configure this setting, then the subject name will be reversed.
If you disable, the subject name will be displayed as it appears in the certificate.
@@ -714,7 +714,7 @@ If you disable, the subject name will be displayed as it appears in the certific
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reverse the subject name stored in a certificate when displaying*
- GP name: *ReverseSubject*
- GP path: *Windows Components\Smart Card*
@@ -725,7 +725,7 @@ ADMX Info:
-**ADMX_Smartcard/SCPnPEnabled**
+**ADMX_Smartcard/SCPnPEnabled**
@@ -764,7 +764,7 @@ If you disable this policy setting, Smart Card Plug and Play will be disabled an
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Smart Card Plug and Play service*
- GP name: *SCPnPEnabled*
- GP path: *Windows Components\Smart Card*
@@ -775,7 +775,7 @@ ADMX Info:
-**ADMX_Smartcard/SCPnPNotification**
+**ADMX_Smartcard/SCPnPNotification**
@@ -814,7 +814,7 @@ If you disable this policy setting, a confirmation message won't be displayed wh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Notify user of successful smart card driver installation*
- GP name: *SCPnPNotification*
- GP path: *Windows Components\Smart Card*
@@ -825,7 +825,7 @@ ADMX Info:
-**ADMX_Smartcard/X509HintsNeeded**
+**ADMX_Smartcard/X509HintsNeeded**
@@ -861,7 +861,7 @@ If you disable or don't configure this policy setting, an optional field that al
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow user name hint*
- GP name: *X509HintsNeeded*
- GP path: *Windows Components\Smart Card*
diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md
index a65f75e734..7d3c267de8 100644
--- a/windows/client-management/mdm/policy-csp-admx-snmp.md
+++ b/windows/client-management/mdm/policy-csp-admx-snmp.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Snmp.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/24/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_Snmp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Snmp policies
+## ADMX_Snmp policies
@@ -41,7 +41,7 @@ manager: aaroncz
-**ADMX_Snmp/SNMP_Communities**
+**ADMX_Snmp/SNMP_Communities**
@@ -89,7 +89,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify communities*
- GP name: *SNMP_Communities*
- GP path: *Network\SNMP*
@@ -100,7 +100,7 @@ ADMX Info:
-**ADMX_Snmp/SNMP_PermittedManagers**
+**ADMX_Snmp/SNMP_PermittedManagers**
@@ -147,7 +147,7 @@ Also, see the other two SNMP policy settings: "Specify trap configuration" and "
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify permitted managers*
- GP name: *SNMP_PermittedManagers*
- GP path: *Network\SNMP*
@@ -158,7 +158,7 @@ ADMX Info:
-**ADMX_Snmp/SNMP_Traps_Public**
+**ADMX_Snmp/SNMP_Traps_Public**
@@ -203,7 +203,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify traps for public community*
- GP name: *SNMP_Traps_Public*
- GP path: *Network\SNMP*
diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md
index dcc94a5737..9a1a7a7fd8 100644
--- a/windows/client-management/mdm/policy-csp-admx-soundrec.md
+++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_SoundRec.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_SoundRec policies
+## ADMX_SoundRec policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1**
+**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1**
@@ -65,18 +65,18 @@ manager: aaroncz
-This policy specifies whether Sound Recorder can run.
+This policy specifies whether Sound Recorder can run.
-Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
+Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
-If you enable this policy setting, Sound Recorder won't run.
+If you enable this policy setting, Sound Recorder won't run.
If you disable or don't configure this policy setting, Sound Recorder can run.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Sound Recorder to run*
- GP name: *Soundrec_DiableApplication_TitleText_1*
- GP path: *Windows Components\Sound Recorder*
@@ -88,7 +88,7 @@ ADMX Info:
-**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2**
+**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2**
@@ -114,18 +114,18 @@ ADMX Info:
-This policy specifies whether Sound Recorder can run.
+This policy specifies whether Sound Recorder can run.
-Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
+Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
-If you enable this policy setting, Sound Recorder won't run.
+If you enable this policy setting, Sound Recorder won't run.
If you disable or don't configure this policy setting, Sound Recorder can be run.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Sound Recorder to run*
- GP name: *Soundrec_DiableApplication_TitleText_2*
- GP path: *Windows Components\Sound Recorder*
diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md
index b5f0f4d1cb..d56e6b36ff 100644
--- a/windows/client-management/mdm/policy-csp-admx-srmfci.md
+++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_srmfci.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_srmfci
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_srmfci policies
+## ADMX_srmfci policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_srmfci/EnableShellAccessCheck**
+**ADMX_srmfci/EnableShellAccessCheck**
@@ -71,7 +71,7 @@ This group policy setting should be set on Windows clients to enable access-deni
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable access-denied assistance on client for all file types*
- GP name: *EnableShellAccessCheck*
- GP path: *System\Access-Denied Assistance*
@@ -82,7 +82,7 @@ ADMX Info:
-**ADMX_srmfci/AccessDeniedConfiguration**
+**ADMX_srmfci/AccessDeniedConfiguration**
@@ -108,18 +108,18 @@ ADMX Info:
-This policy setting specifies the message that users see when they're denied access to a file or folder. You can customize the Access Denied message to include more text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.
+This policy setting specifies the message that users see when they're denied access to a file or folder. You can customize the Access Denied message to include more text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.
-If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied.
+If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied.
-If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionalities controlled by this policy setting, regardless of the file server configuration.
+If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionalities controlled by this policy setting, regardless of the file server configuration.
If you don't configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Customize message for Access Denied errors*
- GP name: *AccessDeniedConfiguration*
- GP path: *System\Access-Denied Assistance*
diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index 8c6e907ba3..aff23491ae 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_StartMenu.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 10/20/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_StartMenu
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_StartMenu policies
+## ADMX_StartMenu policies
@@ -233,7 +233,7 @@ manager: aaroncz
-**ADMX_StartMenu/AddSearchInternetLinkInStartMenu**
+**ADMX_StartMenu/AddSearchInternetLinkInStartMenu**
@@ -269,7 +269,7 @@ If you don't configure this policy (default), there won't be a "Search the Inter
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add Search Internet link to Start Menu*
- GP name: *AddSearchInternetLinkInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -280,7 +280,7 @@ ADMX Info:
-**ADMX_StartMenu/ClearRecentDocsOnExit**
+**ADMX_StartMenu/ClearRecentDocsOnExit**
@@ -327,7 +327,7 @@ This policy also doesn't clear items that the user may have pinned to the Jump L
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Clear history of recently opened documents on exit*
- GP name: *ClearRecentDocsOnExit*
- GP path: *Start Menu and Taskbar*
@@ -338,7 +338,7 @@ ADMX Info:
-**ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu**
+**ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu**
@@ -372,7 +372,7 @@ If you disable or don't configure this policy, the start menu recent programs li
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Clear the recent programs list for new users*
- GP name: *ClearRecentProgForNewUserInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -383,7 +383,7 @@ ADMX Info:
-**ADMX_StartMenu/ClearTilesOnExit**
+**ADMX_StartMenu/ClearTilesOnExit**
@@ -419,7 +419,7 @@ This setting doesn't prevent new notifications from appearing. See the "Turn off
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Clear tile notifications during log on*
- GP name: *ClearTilesOnExit*
- GP path: *Start Menu and Taskbar*
@@ -430,7 +430,7 @@ ADMX Info:
-**ADMX_StartMenu/DesktopAppsFirstInAppsView**
+**ADMX_StartMenu/DesktopAppsFirstInAppsView**
@@ -466,7 +466,7 @@ If you disable or don't configure this policy setting, the desktop apps won't be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *List desktop apps first in the Apps view*
- GP name: *DesktopAppsFirstInAppsView*
- GP path: *Start Menu and Taskbar*
@@ -477,7 +477,7 @@ ADMX Info:
-**ADMX_StartMenu/DisableGlobalSearchOnAppsView**
+**ADMX_StartMenu/DisableGlobalSearchOnAppsView**
@@ -515,7 +515,7 @@ If you disable or don’t configure this policy setting, the user can configure
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Search just apps from the Apps view*
- GP name: *DisableGlobalSearchOnAppsView*
- GP path: *Start Menu and Taskbar*
@@ -526,7 +526,7 @@ ADMX Info:
-**ADMX_StartMenu/ForceStartMenuLogOff**
+**ADMX_StartMenu/ForceStartMenuLogOff**
@@ -571,7 +571,7 @@ Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add Logoff to the Start Menu*
- GP name: *ForceStartMenuLogOff*
- GP path: *Start Menu and Taskbar*
@@ -582,7 +582,7 @@ ADMX Info:
-**ADMX_StartMenu/GoToDesktopOnSignIn**
+**ADMX_StartMenu/GoToDesktopOnSignIn**
@@ -620,7 +620,7 @@ If you don’t configure this policy setting, the default setting for the user
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Go to the desktop instead of Start when signing in*
- GP name: *GoToDesktopOnSignIn*
- GP path: *Start Menu and Taskbar*
@@ -631,7 +631,7 @@ ADMX Info:
-**ADMX_StartMenu/GreyMSIAds**
+**ADMX_StartMenu/GreyMSIAds**
@@ -669,10 +669,10 @@ If you disable this setting or don't configure it, all Start menu shortcuts appe
> Enabling this setting can make the Start menu slow to open.
->
+>
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Gray unavailable Windows Installer programs Start Menu shortcuts*
- GP name: *GreyMSIAds*
- GP path: *Start Menu and Taskbar*
@@ -683,7 +683,7 @@ ADMX Info:
-**ADMX_StartMenu/HidePowerOptions**
+**ADMX_StartMenu/HidePowerOptions**
@@ -719,7 +719,7 @@ If you disable or don't configure this policy setting, the Power button and the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands*
- GP name: *HidePowerOptions*
- GP path: *Start Menu and Taskbar*
@@ -730,7 +730,7 @@ ADMX Info:
-**ADMX_StartMenu/Intellimenus**
+**ADMX_StartMenu/Intellimenus**
@@ -771,7 +771,7 @@ To Turn off personalized menus without specifying a setting, click Start, click
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off personalized menus*
- GP name: *Intellimenus*
- GP path: *Start Menu and Taskbar*
@@ -782,7 +782,7 @@ ADMX Info:
-**ADMX_StartMenu/LockTaskbar**
+**ADMX_StartMenu/LockTaskbar**
@@ -823,7 +823,7 @@ If you disable this setting or don't configure it, the user can configure the ta
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Lock the Taskbar*
- GP name: *LockTaskbar*
- GP path: *Start Menu and Taskbar*
@@ -834,7 +834,7 @@ ADMX Info:
-**ADMX_StartMenu/MemCheckBoxInRunDlg**
+**ADMX_StartMenu/MemCheckBoxInRunDlg**
@@ -870,7 +870,7 @@ Enabling this setting adds a check box to the Run dialog box, giving users the o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add "Run in Separate Memory Space" check box to Run dialog box*
- GP name: *MemCheckBoxInRunDlg*
- GP path: *Start Menu and Taskbar*
@@ -881,7 +881,7 @@ ADMX Info:
-**ADMX_StartMenu/NoAutoTrayNotify**
+**ADMX_StartMenu/NoAutoTrayNotify**
@@ -921,7 +921,7 @@ If you don't configure it, the user can choose if they want notifications collap
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off notification area cleanup*
- GP name: *NoAutoTrayNotify*
- GP path: *Start Menu and Taskbar*
@@ -932,7 +932,7 @@ ADMX Info:
-**ADMX_StartMenu/NoBalloonTip**
+**ADMX_StartMenu/NoBalloonTip**
@@ -970,7 +970,7 @@ If you disable this setting or don't configure it, all pop-up text is displayed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Balloon Tips on Start Menu items*
- GP name: *NoBalloonTip*
- GP path: *Start Menu and Taskbar*
@@ -981,7 +981,7 @@ ADMX Info:
-**ADMX_StartMenu/NoChangeStartMenu**
+**ADMX_StartMenu/NoChangeStartMenu**
@@ -1017,7 +1017,7 @@ If you disable or don't configure this setting, you'll allow a user to select an
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from customizing their Start Screen*
- GP name: *NoChangeStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -1028,7 +1028,7 @@ ADMX Info:
-**ADMX_StartMenu/NoClose**
+**ADMX_StartMenu/NoClose**
@@ -1067,7 +1067,7 @@ If you disable or don't configure this policy setting, the Power button and the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands*
- GP name: *NoClose*
- GP path: *Start Menu and Taskbar*
@@ -1078,7 +1078,7 @@ ADMX Info:
-**ADMX_StartMenu/NoCommonGroups**
+**ADMX_StartMenu/NoCommonGroups**
@@ -1114,7 +1114,7 @@ To see the Program menu items in the All Users profile, on the system drive, go
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove common program groups from Start Menu*
- GP name: *NoCommonGroups*
- GP path: *Start Menu and Taskbar*
@@ -1125,7 +1125,7 @@ ADMX Info:
-**ADMX_StartMenu/NoFavoritesMenu**
+**ADMX_StartMenu/NoFavoritesMenu**
@@ -1159,7 +1159,7 @@ If you disable or don't configure this setting, the Display Favorite item is ava
> [!NOTE]
> The Favorites menu doesn't appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Customize. If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options.
->
+>
> The items that appear in the Favorites menu when you install Windows are preconfigured by the system to appeal to most users. However, users can add and remove items from this menu, and system administrators can create a customized Favorites menu for a user group.
>
> This setting only affects the Start menu. The Favorites item still appears in File Explorer and in Internet Explorer.
@@ -1168,7 +1168,7 @@ If you disable or don't configure this setting, the Display Favorite item is ava
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Favorites menu from Start Menu*
- GP name: *NoFavoritesMenu*
- GP path: *Start Menu and Taskbar*
@@ -1179,7 +1179,7 @@ ADMX Info:
-**ADMX_StartMenu/NoFind**
+**ADMX_StartMenu/NoFind**
@@ -1222,7 +1222,7 @@ If you disable or don't configure this policy setting, the Search link is availa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Search link from Start Menu*
- GP name: *NoFind*
- GP path: *Start Menu and Taskbar*
@@ -1233,7 +1233,7 @@ ADMX Info:
-**ADMX_StartMenu/NoGamesFolderOnStartMenu**
+**ADMX_StartMenu/NoGamesFolderOnStartMenu**
@@ -1267,7 +1267,7 @@ If you disable or don't configure this policy, the start menu will show a link t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Games link from Start Menu*
- GP name: *NoGamesFolderOnStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -1278,7 +1278,7 @@ ADMX Info:
-**ADMX_StartMenu/NoHelp**
+**ADMX_StartMenu/NoHelp**
@@ -1316,7 +1316,7 @@ This policy setting only affects the Start menu. It doesn't remove the Help menu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Help menu from Start Menu*
- GP name: *NoHelp*
- GP path: *Start Menu and Taskbar*
@@ -1327,7 +1327,7 @@ ADMX Info:
-**ADMX_StartMenu/NoInstrumentation**
+**ADMX_StartMenu/NoInstrumentation**
@@ -1367,7 +1367,7 @@ This policy setting doesn't prevent users from pinning programs to the Start Me
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off user tracking*
- GP name: *NoInstrumentation*
- GP path: *Start Menu and Taskbar*
@@ -1378,7 +1378,7 @@ ADMX Info:
-**ADMX_StartMenu/NoMoreProgramsList**
+**ADMX_StartMenu/NoMoreProgramsList**
@@ -1419,7 +1419,7 @@ If you disable or don't configure this setting, the all apps list will be visibl
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove All Programs list from the Start menu*
- GP name: *NoMoreProgramsList*
- GP path: *Start Menu and Taskbar*
@@ -1430,7 +1430,7 @@ ADMX Info:
-**ADMX_StartMenu/NoNetAndDialupConnect**
+**ADMX_StartMenu/NoNetAndDialupConnect**
@@ -1472,7 +1472,7 @@ Also, see the "Disable programs on Settings menu" and "Disable Control Panel" po
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Network Connections from Start Menu*
- GP name: *NoNetAndDialupConnect*
- GP path: *Start Menu and Taskbar*
@@ -1483,7 +1483,7 @@ ADMX Info:
-**ADMX_StartMenu/NoPinnedPrograms**
+**ADMX_StartMenu/NoPinnedPrograms**
@@ -1519,7 +1519,7 @@ If you disable this setting or don't configure it, the "Pinned Programs" list re
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove pinned programs list from the Start Menu*
- GP name: *NoPinnedPrograms*
- GP path: *Start Menu and Taskbar*
@@ -1530,7 +1530,7 @@ ADMX Info:
-**ADMX_StartMenu/NoRecentDocsMenu**
+**ADMX_StartMenu/NoRecentDocsMenu**
@@ -1577,7 +1577,7 @@ This setting also doesn't hide document shortcuts displayed in the Open dialog b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Recent Items menu from Start Menu*
- GP name: *NoRecentDocsMenu*
- GP path: *Start Menu and Taskbar*
@@ -1588,7 +1588,7 @@ ADMX Info:
-**ADMX_StartMenu/NoResolveSearch**
+**ADMX_StartMenu/NoResolveSearch**
@@ -1629,7 +1629,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not use the search-based method when resolving shell shortcuts*
- GP name: *NoResolveSearch*
- GP path: *Start Menu and Taskbar*
@@ -1640,7 +1640,7 @@ ADMX Info:
-**ADMX_StartMenu/NoResolveTrack**
+**ADMX_StartMenu/NoResolveTrack**
@@ -1680,7 +1680,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not use the tracking-based method when resolving shell shortcuts*
- GP name: *NoResolveTrack*
- GP path: *Start Menu and Taskbar*
@@ -1691,7 +1691,7 @@ ADMX Info:
-**ADMX_StartMenu/NoRun**
+**ADMX_StartMenu/NoRun**
@@ -1746,7 +1746,7 @@ If you disable or don't configure this setting, users will be able to access the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Run menu from Start Menu*
- GP name: *NoRun*
- GP path: *Start Menu and Taskbar*
@@ -1757,7 +1757,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSMConfigurePrograms**
+**ADMX_StartMenu/NoSMConfigurePrograms**
@@ -1798,7 +1798,7 @@ If you disable or don't configure this policy setting, the Default Programs link
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Default Programs link from the Start menu.*
- GP name: *NoSMConfigurePrograms*
- GP path: *Start Menu and Taskbar*
@@ -1809,7 +1809,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSMMyDocuments**
+**ADMX_StartMenu/NoSMMyDocuments**
@@ -1850,7 +1850,7 @@ Also, see the "Remove Documents icon on the desktop" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Documents icon from Start Menu*
- GP name: *NoSMMyDocuments*
- GP path: *Start Menu and Taskbar*
@@ -1861,7 +1861,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSMMyMusic**
+**ADMX_StartMenu/NoSMMyMusic**
@@ -1897,7 +1897,7 @@ If you disable or don't configure this policy setting, the Music icon is availab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Music icon from Start Menu*
- GP name: *NoSMMyMusic*
- GP path: *Start Menu and Taskbar*
@@ -1908,7 +1908,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSMMyNetworkPlaces**
+**ADMX_StartMenu/NoSMMyNetworkPlaces**
@@ -1944,7 +1944,7 @@ If you disable or don't configure this policy setting, the Network icon is avail
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Network icon from Start Menu*
- GP name: *NoSMMyNetworkPlaces*
- GP path: *Start Menu and Taskbar*
@@ -1955,7 +1955,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSMMyPictures**
+**ADMX_StartMenu/NoSMMyPictures**
@@ -1991,7 +1991,7 @@ If you disable or don't configure this policy setting, the Pictures icon is avai
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Pictures icon from Start Menu*
- GP name: *NoSMMyPictures*
- GP path: *Start Menu and Taskbar*
@@ -2002,7 +2002,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSearchCommInStartMenu**
+**ADMX_StartMenu/NoSearchCommInStartMenu**
@@ -2036,7 +2036,7 @@ If you disable or don't configure this policy, the start menu will search for co
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not search communications*
- GP name: *NoSearchCommInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2047,7 +2047,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSearchComputerLinkInStartMenu**
+**ADMX_StartMenu/NoSearchComputerLinkInStartMenu**
@@ -2081,7 +2081,7 @@ If you disable or don't configure this policy, the "See all results" link will b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Search Computer link*
- GP name: *NoSearchComputerLinkInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2092,7 +2092,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu**
+**ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu**
@@ -2126,7 +2126,7 @@ If you disable or don't configure this policy, a "See more results" link will be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove See More Results / Search Everywhere link*
- GP name: *NoSearchEverywhereLinkInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2137,7 +2137,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSearchFilesInStartMenu**
+**ADMX_StartMenu/NoSearchFilesInStartMenu**
@@ -2171,7 +2171,7 @@ If you disable or don't configure this policy setting, the Start menu will searc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not search for files*
- GP name: *NoSearchFilesInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2182,7 +2182,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSearchInternetInStartMenu**
+**ADMX_StartMenu/NoSearchInternetInStartMenu**
@@ -2216,7 +2216,7 @@ If you disable or don't configure this policy, the start menu will search for in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not search Internet*
- GP name: *NoSearchInternetInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2227,7 +2227,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSearchProgramsInStartMenu**
+**ADMX_StartMenu/NoSearchProgramsInStartMenu**
@@ -2261,7 +2261,7 @@ If you disable or don't configure this policy setting, the Start menu search box
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not search programs and Control Panel items*
- GP name: *NoSearchProgramsInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2272,7 +2272,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSetFolders**
+**ADMX_StartMenu/NoSetFolders**
@@ -2312,7 +2312,7 @@ Also, see the "Disable Control Panel," "Disable Display in Control Panel," and "
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove programs on Settings menu*
- GP name: *NoSetFolders*
- GP path: *Start Menu and Taskbar*
@@ -2323,7 +2323,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSetTaskbar**
+**ADMX_StartMenu/NoSetTaskbar**
@@ -2361,7 +2361,7 @@ If you disable or don't configure this policy setting, the Taskbar and Start Men
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changes to Taskbar and Start Menu Settings*
- GP name: *NoSetTaskbar*
- GP path: *Start Menu and Taskbar*
@@ -2372,7 +2372,7 @@ ADMX Info:
-**ADMX_StartMenu/NoStartMenuDownload**
+**ADMX_StartMenu/NoStartMenuDownload**
@@ -2408,7 +2408,7 @@ If you disable or don't configure this policy setting, the Downloads link is ava
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Downloads link from Start Menu*
- GP name: *NoStartMenuDownload*
- GP path: *Start Menu and Taskbar*
@@ -2419,7 +2419,7 @@ ADMX Info:
-**ADMX_StartMenu/NoStartMenuHomegroup**
+**ADMX_StartMenu/NoStartMenuHomegroup**
@@ -2453,7 +2453,7 @@ If you disable or don't configure this policy, users can use the Start Menu opti
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Homegroup link from Start Menu*
- GP name: *NoStartMenuHomegroup*
- GP path: *Start Menu and Taskbar*
@@ -2464,7 +2464,7 @@ ADMX Info:
-**ADMX_StartMenu/NoStartMenuRecordedTV**
+**ADMX_StartMenu/NoStartMenuRecordedTV**
@@ -2500,7 +2500,7 @@ If you disable or don't configure this policy setting, the Recorded TV link is a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Recorded TV link from Start Menu*
- GP name: *NoStartMenuRecordedTV*
- GP path: *Start Menu and Taskbar*
@@ -2511,7 +2511,7 @@ ADMX Info:
-**ADMX_StartMenu/NoStartMenuSubFolders**
+**ADMX_StartMenu/NoStartMenuSubFolders**
@@ -2551,7 +2551,7 @@ If you disable this setting or don't configure it, Windows 2000 Professional and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove user's folders from the Start Menu*
- GP name: *NoStartMenuSubFolders*
- GP path: *Start Menu and Taskbar*
@@ -2562,7 +2562,7 @@ ADMX Info:
-**ADMX_StartMenu/NoStartMenuVideos**
+**ADMX_StartMenu/NoStartMenuVideos**
@@ -2598,7 +2598,7 @@ If you disable or don't configure this policy setting, the Videos link is availa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Videos link from Start Menu*
- GP name: *NoStartMenuVideos*
- GP path: *Start Menu and Taskbar*
@@ -2609,7 +2609,7 @@ ADMX Info:
-**ADMX_StartMenu/NoStartPage**
+**ADMX_StartMenu/NoStartPage**
@@ -2649,7 +2649,7 @@ If you don't configure this setting, the default is the new style, and the user
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force classic Start Menu*
- GP name: *NoStartPage*
- GP path: *Start Menu and Taskbar*
@@ -2660,7 +2660,7 @@ ADMX Info:
-**ADMX_StartMenu/NoTaskBarClock**
+**ADMX_StartMenu/NoTaskBarClock**
@@ -2696,7 +2696,7 @@ If you disable or don't configure this setting, the default behavior of the cloc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Clock from the system notification area*
- GP name: *NoTaskBarClock*
- GP path: *Start Menu and Taskbar*
@@ -2707,7 +2707,7 @@ ADMX Info:
-**ADMX_StartMenu/NoTaskGrouping**
+**ADMX_StartMenu/NoTaskGrouping**
@@ -2745,7 +2745,7 @@ If you disable or don't configure it, items on the taskbar that share the same p
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent grouping of taskbar items*
- GP name: *NoTaskGrouping*
- GP path: *Start Menu and Taskbar*
@@ -2756,7 +2756,7 @@ ADMX Info:
-**ADMX_StartMenu/NoToolbarsOnTaskbar**
+**ADMX_StartMenu/NoToolbarsOnTaskbar**
@@ -2794,7 +2794,7 @@ If this setting is disabled or isn't configured, the taskbar displays all toolba
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display any custom toolbars in the taskbar*
- GP name: *NoToolbarsOnTaskbar*
- GP path: *Start Menu and Taskbar*
@@ -2805,7 +2805,7 @@ ADMX Info:
-**ADMX_StartMenu/NoTrayContextMenu**
+**ADMX_StartMenu/NoTrayContextMenu**
@@ -2843,7 +2843,7 @@ This policy setting doesn't prevent users from using other methods to issue the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove access to the context menus for the taskbar*
- GP name: *NoTrayContextMenu*
- GP path: *Start Menu and Taskbar*
@@ -2854,7 +2854,7 @@ ADMX Info:
-**ADMX_StartMenu/NoTrayItemsDisplay**
+**ADMX_StartMenu/NoTrayItemsDisplay**
@@ -2895,7 +2895,7 @@ If this setting is disabled or isn't configured, the notification area is shown
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the notification area*
- GP name: *NoTrayItemsDisplay*
- GP path: *Start Menu and Taskbar*
@@ -2906,7 +2906,7 @@ ADMX Info:
-**ADMX_StartMenu/NoUninstallFromStart**
+**ADMX_StartMenu/NoUninstallFromStart**
@@ -2940,7 +2940,7 @@ If you disable this setting or don't configure it, users can access the uninstal
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from uninstalling applications from Start*
- GP name: *NoUninstallFromStart*
- GP path: *Start Menu and Taskbar*
@@ -2951,7 +2951,7 @@ ADMX Info:
-**ADMX_StartMenu/NoUserFolderOnStartMenu**
+**ADMX_StartMenu/NoUserFolderOnStartMenu**
@@ -2985,7 +2985,7 @@ If you disable or don't configure this policy, the start menu will display a lin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove user folder link from Start Menu*
- GP name: *NoUserFolderOnStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2996,7 +2996,7 @@ ADMX Info:
-**ADMX_StartMenu/NoUserNameOnStartMenu**
+**ADMX_StartMenu/NoUserNameOnStartMenu**
@@ -3032,7 +3032,7 @@ If you disable or don't configure this policy setting, the user name label appea
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove user name from Start Menu*
- GP name: *NoUserNameOnStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -3043,7 +3043,7 @@ ADMX Info:
-**ADMX_StartMenu/NoWindowsUpdate**
+**ADMX_StartMenu/NoWindowsUpdate**
@@ -3085,7 +3085,7 @@ Also, see the "Hide the "Add programs from Microsoft" option" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove links and access to Windows Update*
- GP name: *NoWindowsUpdate*
- GP path: *Start Menu and Taskbar*
@@ -3096,7 +3096,7 @@ ADMX Info:
-**ADMX_StartMenu/PowerButtonAction**
+**ADMX_StartMenu/PowerButtonAction**
@@ -3134,7 +3134,7 @@ If you disable or don't configure this setting, the Start Menu power button will
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Change Start Menu power button*
- GP name: *PowerButtonAction*
- GP path: *Start Menu and Taskbar*
@@ -3145,7 +3145,7 @@ ADMX Info:
-**ADMX_StartMenu/QuickLaunchEnabled**
+**ADMX_StartMenu/QuickLaunchEnabled**
@@ -3183,7 +3183,7 @@ If you don't configure this policy setting, then users will be able to turn the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show QuickLaunch on Taskbar*
- GP name: *QuickLaunchEnabled*
- GP path: *Start Menu and Taskbar*
@@ -3194,7 +3194,7 @@ ADMX Info:
-**ADMX_StartMenu/RemoveUnDockPCButton**
+**ADMX_StartMenu/RemoveUnDockPCButton**
@@ -3228,7 +3228,7 @@ If you disable this setting or don't configure it, the "Undock PC" button remain
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the "Undock PC" button from the Start Menu*
- GP name: *RemoveUnDockPCButton*
- GP path: *Start Menu and Taskbar*
@@ -3239,7 +3239,7 @@ ADMX Info:
-**ADMX_StartMenu/ShowAppsViewOnStart**
+**ADMX_StartMenu/ShowAppsViewOnStart**
@@ -3275,7 +3275,7 @@ If you disable or don’t configure this policy setting, the Start screen will a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show the Apps view automatically when the user goes to Start*
- GP name: *ShowAppsViewOnStart*
- GP path: *Start Menu and Taskbar*
@@ -3286,7 +3286,7 @@ ADMX Info:
-**ADMX_StartMenu/ShowRunAsDifferentUserInStart**
+**ADMX_StartMenu/ShowRunAsDifferentUserInStart**
@@ -3325,7 +3325,7 @@ If you disable this setting or don't configure it, users can't access the "Run a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show "Run as different user" command on Start*
- GP name: *ShowRunAsDifferentUserInStart*
- GP path: *Start Menu and Taskbar*
@@ -3336,7 +3336,7 @@ ADMX Info:
-**ADMX_StartMenu/ShowRunInStartMenu**
+**ADMX_StartMenu/ShowRunInStartMenu**
@@ -3372,7 +3372,7 @@ If the Remove Run link from Start Menu policy is set, the Add the Run command to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add the Run command to the Start Menu*
- GP name: *ShowRunInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -3383,7 +3383,7 @@ ADMX Info:
-**ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey**
+**ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey**
@@ -3415,7 +3415,7 @@ ADMX Info:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show Start on the display the user is using when they press the Windows logo key*
- GP name: *ShowStartOnDisplayWithForegroundOnWinKey*
- GP path: *Start Menu and Taskbar*
@@ -3426,7 +3426,7 @@ ADMX Info:
-**ADMX_StartMenu/StartMenuLogOff**
+**ADMX_StartMenu/StartMenuLogOff**
@@ -3469,7 +3469,7 @@ See also: "Remove Logoff" policy setting in User Configuration\Administrative Te
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Logoff on the Start Menu*
- GP name: *StartMenuLogOff*
- GP path: *Start Menu and Taskbar*
@@ -3480,7 +3480,7 @@ ADMX Info:
-**ADMX_StartMenu/StartPinAppsWhenInstalled**
+**ADMX_StartMenu/StartPinAppsWhenInstalled**
@@ -3513,7 +3513,7 @@ This policy setting allows pinning apps to Start by default, when they're includ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Pin Apps to Start when installed*
- GP name: *StartPinAppsWhenInstalled*
- GP path: *Start Menu and Taskbar*
diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
index 4ca5a3d3a1..7711aaec84 100644
--- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md
+++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_SystemRestore.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/13/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_SystemRestore
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_SystemRestore policies
+## ADMX_SystemRestore policies
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_SystemRestore/SR_DisableConfig**
+**ADMX_SystemRestore/SR_DisableConfig**
@@ -75,7 +75,7 @@ Also, see the "Turn off System Restore" policy setting. If the "Turn off System
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Configuration*
- GP name: *SR_DisableConfig*
- GP path: *System\System Restore*
diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
index cfc57b2098..82eee23e73 100644
--- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md
+++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_TabletShell.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/23/2020
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_TabletShell
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_TabletShell policies
+## ADMX_TabletShell policies
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_TabletShell/DisableInkball_1**
+**ADMX_TabletShell/DisableInkball_1**
@@ -65,9 +65,9 @@ manager: aaroncz
-This policy setting prevents start of InkBall game.
+This policy setting prevents start of InkBall game.
-If you enable this policy, the InkBall game won't run.
+If you enable this policy, the InkBall game won't run.
If you disable this policy, the InkBall game will run. If you don't configure this policy, the InkBall game will run.
@@ -75,7 +75,7 @@ If you disable this policy, the InkBall game will run. If you don't configure t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Inkball to run*
- GP name: *DisableInkball_1*
- GP path: *Windows Components\Tablet PC\Accessories*
@@ -87,7 +87,7 @@ ADMX Info:
-**ADMX_TabletShell/DisableNoteWriterPrinting_1**
+**ADMX_TabletShell/DisableNoteWriterPrinting_1**
@@ -113,9 +113,9 @@ ADMX Info:
-This policy setting prevents printing to Journal Note Writer.
+This policy setting prevents printing to Journal Note Writer.
-If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print it will fail.
+If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print it will fail.
If you disable this policy, you'll be able to use this feature to print to a Journal Note. If you don't configure this policy, users will be able to use this feature to print to a Journal Note.
@@ -124,7 +124,7 @@ If you disable this policy, you'll be able to use this feature to print to a Jou
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow printing to Journal Note Writer*
- GP name: *DisableNoteWriterPrinting_1*
- GP path: *Windows Components\Tablet PC\Accessories*
diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md
index 3436685cc9..107ce3f16c 100644
--- a/windows/client-management/mdm/policy-csp-admx-taskbar.md
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Taskbar.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 10/26/2020
ms.reviewer:
@@ -17,14 +17,14 @@ manager: aaroncz
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Taskbar policies
+## ADMX_Taskbar policies
@@ -99,7 +99,7 @@ manager: aaroncz
-**ADMX_Taskbar/DisableNotificationCenter**
+**ADMX_Taskbar/DisableNotificationCenter**
@@ -139,7 +139,7 @@ If you disable or don't configure this policy setting, Notification and Security
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Notifications and Action Center*
- GP name: *DisableNotificationCenter*
- GP path: *Start Menu and Taskbar*
@@ -150,7 +150,7 @@ ADMX Info:
-**ADMX_Taskbar/EnableLegacyBalloonNotifications**
+**ADMX_Taskbar/EnableLegacyBalloonNotifications**
@@ -180,7 +180,7 @@ This policy disables the functionality that converts balloons to toast notificat
If you enable this policy setting, system and application notifications will render as balloons instead of toast notifications.
-Enable this policy setting if a specific app or system component that uses balloon notifications has compatibility issues with toast notifications.
+Enable this policy setting if a specific app or system component that uses balloon notifications has compatibility issues with toast notifications.
If you disable or don’t configure this policy setting, all notifications will appear as toast notifications.
@@ -190,7 +190,7 @@ If you disable or don’t configure this policy setting, all notifications will
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable showing balloon notifications as toasts.*
- GP name: *EnableLegacyBalloonNotifications*
- GP path: *Start Menu and Taskbar*
@@ -201,7 +201,7 @@ ADMX Info:
-**ADMX_Taskbar/HideSCAHealth**
+**ADMX_Taskbar/HideSCAHealth**
@@ -236,7 +236,7 @@ If you disable or don't configure this policy setting, the Security and Maintena
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the Security and Maintenance icon*
- GP name: *HideSCAHealth*
- GP path: *Start Menu and Taskbar*
@@ -247,7 +247,7 @@ ADMX Info:
-**ADMX_Taskbar/HideSCANetwork**
+**ADMX_Taskbar/HideSCANetwork**
@@ -282,7 +282,7 @@ If you disable or don't configure this policy setting, the networking icon is di
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the networking icon*
- GP name: *HideSCANetwork*
- GP path: *Start Menu and Taskbar*
@@ -293,7 +293,7 @@ ADMX Info:
-**ADMX_Taskbar/HideSCAPower**
+**ADMX_Taskbar/HideSCAPower**
@@ -328,7 +328,7 @@ If you disable or don't configure this policy setting, the battery meter is disp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the battery meter*
- GP name: *HideSCAPower*
- GP path: *Start Menu and Taskbar*
@@ -339,7 +339,7 @@ ADMX Info:
-**ADMX_Taskbar/HideSCAVolume**
+**ADMX_Taskbar/HideSCAVolume**
@@ -374,7 +374,7 @@ If you disable or don't configure this policy setting, the volume control icon i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the volume control icon*
- GP name: *HideSCAVolume*
- GP path: *Start Menu and Taskbar*
@@ -385,7 +385,7 @@ ADMX Info:
-**ADMX_Taskbar/NoBalloonFeatureAdvertisements**
+**ADMX_Taskbar/NoBalloonFeatureAdvertisements**
@@ -420,7 +420,7 @@ If you disable don't configure this policy setting, feature advertisement balloo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off feature advertisement balloon notifications*
- GP name: *NoBalloonFeatureAdvertisements*
- GP path: *Start Menu and Taskbar*
@@ -431,7 +431,7 @@ ADMX Info:
-**ADMX_Taskbar/NoPinningStoreToTaskbar**
+**ADMX_Taskbar/NoPinningStoreToTaskbar**
@@ -466,7 +466,7 @@ If you disable or don't configure this policy setting, users can pin the Store a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow pinning Store app to the Taskbar*
- GP name: *NoPinningStoreToTaskbar*
- GP path: *Start Menu and Taskbar*
@@ -477,7 +477,7 @@ ADMX Info:
-**ADMX_Taskbar/NoPinningToDestinations**
+**ADMX_Taskbar/NoPinningToDestinations**
@@ -512,7 +512,7 @@ If you disable or don't configure this policy setting, users can pin files, fold
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow pinning items in Jump Lists*
- GP name: *NoPinningToDestinations*
- GP path: *Start Menu and Taskbar*
@@ -523,7 +523,7 @@ ADMX Info:
-**ADMX_Taskbar/NoPinningToTaskbar**
+**ADMX_Taskbar/NoPinningToTaskbar**
@@ -558,7 +558,7 @@ If you disable or don't configure this policy setting, users can change the prog
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow pinning programs to the Taskbar*
- GP name: *NoPinningToTaskbar*
- GP path: *Start Menu and Taskbar*
@@ -570,7 +570,7 @@ ADMX Info:
-**ADMX_Taskbar/NoRemoteDestinations**
+**ADMX_Taskbar/NoRemoteDestinations**
@@ -602,7 +602,7 @@ The Start Menu and Taskbar display Jump Lists off of programs. These menus inclu
If you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens locally on this computer. Files that the user opens over the network from remote computers aren't tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network connections.
-If you disable or don't configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer.
+If you disable or don't configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer.
> [!NOTE]
> This setting does not prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the "Do not allow pinning items in Jump Lists" policy setting.
@@ -611,7 +611,7 @@ If you disable or don't configure this policy setting, all files that the user o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display or track items in Jump Lists from remote locations*
- GP name: *NoRemoteDestinations*
- GP path: *Start Menu and Taskbar*
@@ -623,7 +623,7 @@ ADMX Info:
-**ADMX_Taskbar/NoSystraySystemPromotion**
+**ADMX_Taskbar/NoSystraySystemPromotion**
@@ -658,7 +658,7 @@ If you disable or don't configure this policy setting, newly added notification
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off automatic promotion of notification icons to the taskbar*
- GP name: *NoSystraySystemPromotion*
- GP path: *Start Menu and Taskbar*
@@ -670,7 +670,7 @@ ADMX Info:
-**ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar**
+**ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar**
@@ -707,7 +707,7 @@ If you don’t configure this policy setting, the default setting for the user
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show Windows Store apps on the taskbar*
- GP name: *ShowWindowsStoreAppsOnTaskbar*
- GP path: *Start Menu and Taskbar*
@@ -720,7 +720,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarLockAll**
+**ADMX_Taskbar/TaskbarLockAll**
@@ -755,7 +755,7 @@ If you disable or don't configure this policy setting, the user will be able to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Lock all taskbar settings*
- GP name: *TaskbarLockAll*
- GP path: *Start Menu and Taskbar*
@@ -768,7 +768,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoAddRemoveToolbar**
+**ADMX_Taskbar/TaskbarNoAddRemoveToolbar**
@@ -802,7 +802,7 @@ If you disable or don't configure this policy setting, the users and application
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from adding or removing toolbars*
- GP name: *TaskbarNoAddRemoveToolbar*
- GP path: *Start Menu and Taskbar*
@@ -815,7 +815,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoDragToolbar**
+**ADMX_Taskbar/TaskbarNoDragToolbar**
@@ -849,7 +849,7 @@ If you disable or don't configure this policy setting, users are able to rearran
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from rearranging toolbars*
- GP name: *TaskbarNoDragToolbar*
- GP path: *Start Menu and Taskbar*
@@ -861,7 +861,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoMultimon**
+**ADMX_Taskbar/TaskbarNoMultimon**
@@ -896,7 +896,7 @@ If you disable or don't configure this policy setting, users can show taskbars o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow taskbars on more than one display*
- GP name: *TaskbarNoMultimon*
- GP path: *Start Menu and Taskbar*
@@ -909,7 +909,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoNotification**
+**ADMX_Taskbar/TaskbarNoNotification**
@@ -944,7 +944,7 @@ If you disable or don't configure this policy setting, notification balloons are
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off all balloon notifications*
- GP name: *TaskbarNoNotification*
- GP path: *Start Menu and Taskbar*
@@ -955,7 +955,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoPinnedList**
+**ADMX_Taskbar/TaskbarNoPinnedList**
@@ -990,7 +990,7 @@ If you disable or don't configure this policy setting, users can pin programs so
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove pinned programs from the Taskbar*
- GP name: *TaskbarNoPinnedList*
- GP path: *Start Menu and Taskbar*
@@ -1002,7 +1002,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoRedock**
+**ADMX_Taskbar/TaskbarNoRedock**
@@ -1038,7 +1038,7 @@ If you disable or don't configure this policy setting, users are able to drag th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from moving taskbar to another screen dock location*
- GP name: *TaskbarNoRedock*
- GP path: *Start Menu and Taskbar*
@@ -1050,7 +1050,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoResize**
+**ADMX_Taskbar/TaskbarNoResize**
@@ -1085,7 +1085,7 @@ If you disable or don't configure this policy setting, users are able to resize
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from resizing the taskbar*
- GP name: *TaskbarNoResize*
- GP path: *Start Menu and Taskbar*
@@ -1097,7 +1097,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoThumbnail**
+**ADMX_Taskbar/TaskbarNoThumbnail**
@@ -1132,7 +1132,7 @@ If you disable or don't configure this policy setting, the taskbar thumbnails ar
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off taskbar thumbnails*
- GP name: *TaskbarNoThumbnail*
- GP path: *Start Menu and Taskbar*
diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md
index 7ef48341ef..16255c4155 100644
--- a/windows/client-management/mdm/policy-csp-admx-tcpip.md
+++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_tcpip.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/23/2020
ms.reviewer:
@@ -17,14 +17,14 @@ manager: aaroncz
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_tcpip policies
+## ADMX_tcpip policies
@@ -72,7 +72,7 @@ manager: aaroncz
-**ADMX_tcpip/6to4_Router_Name**
+**ADMX_tcpip/6to4_Router_Name**
@@ -107,7 +107,7 @@ If you disable or do not configure this policy setting, the local host setting i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set 6to4 Relay Name*
- GP name: *6to4_Router_Name*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -118,7 +118,7 @@ ADMX Info:
-**ADMX_tcpip/6to4_Router_Name_Resolution_Interval**
+**ADMX_tcpip/6to4_Router_Name_Resolution_Interval**
@@ -153,7 +153,7 @@ If you disable or do not configure this policy setting, the local host setting i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set 6to4 Relay Name Resolution Interval*
- GP name: *6to4_Router_Name_Resolution_Interval*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -164,7 +164,7 @@ ADMX Info:
-**ADMX_tcpip/6to4_State**
+**ADMX_tcpip/6to4_State**
@@ -203,7 +203,7 @@ If you enable this policy setting, you can configure 6to4 with one of the follow
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set 6to4 State*
- GP name: *6to4_State*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -214,7 +214,7 @@ ADMX Info:
-**ADMX_tcpip/IPHTTPS_ClientState**
+**ADMX_tcpip/IPHTTPS_ClientState**
@@ -253,7 +253,7 @@ If you enable this policy setting, you can specify an IP-HTTPS server URL. You w
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set IP-HTTPS State*
- GP name: *IPHTTPS_ClientState*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -264,7 +264,7 @@ ADMX Info:
-**ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State**
+**ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State**
@@ -299,7 +299,7 @@ If you disable this policy setting, IP Stateless Autoconfiguration Limits will b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set IP Stateless Autoconfiguration Limits State*
- GP name: *IP_Stateless_Autoconfiguration_Limits_State*
- GP path: *Network\TCPIP Settings\Parameters*
@@ -310,7 +310,7 @@ ADMX Info:
-**ADMX_tcpip/ISATAP_Router_Name**
+**ADMX_tcpip/ISATAP_Router_Name**
@@ -345,7 +345,7 @@ If you disable or do not configure this policy setting, the local host setting i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set ISATAP Router Name*
- GP name: *ISATAP_Router_Name*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -356,7 +356,7 @@ ADMX Info:
-**ADMX_tcpip/ISATAP_State**
+**ADMX_tcpip/ISATAP_State**
@@ -395,7 +395,7 @@ If you enable this policy setting, you can configure ISATAP with one of the foll
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set ISATAP State*
- GP name: *ISATAP_State*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -406,7 +406,7 @@ ADMX Info:
-**ADMX_tcpip/Teredo_Client_Port**
+**ADMX_tcpip/Teredo_Client_Port**
@@ -441,7 +441,7 @@ If you disable or do not configure this policy setting, the local host setting i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Teredo Client Port*
- GP name: *Teredo_Client_Port*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -452,7 +452,7 @@ ADMX Info:
-**ADMX_tcpip/Teredo_Default_Qualified**
+**ADMX_tcpip/Teredo_Default_Qualified**
@@ -489,7 +489,7 @@ Policy Enabled State: If Default Qualified is enabled, Teredo will attempt quali
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Teredo Default Qualified*
- GP name: *Teredo_Default_Qualified*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -500,7 +500,7 @@ ADMX Info:
-**ADMX_tcpip/Teredo_Refresh_Rate**
+**ADMX_tcpip/Teredo_Refresh_Rate**
@@ -538,7 +538,7 @@ If you disable or do not configure this policy setting, the refresh rate is conf
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Teredo Refresh Rate*
- GP name: *Teredo_Refresh_Rate*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -549,7 +549,7 @@ ADMX Info:
-**ADMX_tcpip/Teredo_Server_Name**
+**ADMX_tcpip/Teredo_Server_Name**
@@ -584,7 +584,7 @@ If you disable or do not configure this policy setting, the local settings on th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Teredo Server Name*
- GP name: *Teredo_Server_Name*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -595,7 +595,7 @@ ADMX Info:
-**ADMX_tcpip/Teredo_State**
+**ADMX_tcpip/Teredo_State**
@@ -635,7 +635,7 @@ If you enable this policy setting, you can configure Teredo with one of the foll
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Teredo State*
- GP name: *Teredo_State*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -646,7 +646,7 @@ ADMX Info:
-**ADMX_tcpip/Windows_Scaling_Heuristics_State**
+**ADMX_tcpip/Windows_Scaling_Heuristics_State**
@@ -683,7 +683,7 @@ If you disable this policy setting, Window Scaling Heuristics will be disabled a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Window Scaling Heuristics State*
- GP name: *Windows_Scaling_Heuristics_State*
- GP path: *Network\TCPIP Settings\Parameters*
@@ -693,7 +693,7 @@ ADMX Info:
->
+>
diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
index f4dd3f6be6..458bfb9ffe 100644
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_TerminalServer.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/21/2021
ms.reviewer:
@@ -15,16 +15,16 @@ manager: aaroncz
# Policy CSP - ADMX_TerminalServer
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_TerminalServer policies
+## ADMX_TerminalServer policies
@@ -302,7 +302,7 @@ manager: aaroncz
-**ADMX_TerminalServer/TS_AUTO_RECONNECT**
+**ADMX_TerminalServer/TS_AUTO_RECONNECT**
@@ -337,7 +337,7 @@ If the status is set to Disabled, automatic reconnection of clients is prohibite
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Automatic reconnection*
- GP name: *TS_AUTO_RECONNECT*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -350,7 +350,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CAMERA_REDIRECTION**
+**ADMX_TerminalServer/TS_CAMERA_REDIRECTION**
@@ -376,16 +376,16 @@ ADMX Info:
-This policy setting lets you control the redirection of video capture devices to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of video capture devices.
+This policy setting lets you control the redirection of video capture devices to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of video capture devices.
-If you enable this policy setting, users can't redirect their video capture devices to the remote computer.
+If you enable this policy setting, users can't redirect their video capture devices to the remote computer.
If you disable or don't configure this policy setting, users can redirect their video capture devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the video capture devices to redirect to the remote computer.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow video capture redirection*
- GP name: *TS_CAMERA_REDIRECTION*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -398,7 +398,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY**
+**ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY**
@@ -424,13 +424,13 @@ ADMX Info:
-This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server.
+This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server.
-A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.
+A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.
-If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected.
+If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected.
-If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.
+If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.
>[!NOTE]
>If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting.
@@ -438,7 +438,7 @@ If no certificate can be found that was created with the specified certificate t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Server authentication certificate template*
- GP name: *TS_CERTIFICATE_TEMPLATE_POLICY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
@@ -451,7 +451,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1**
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1**
@@ -477,7 +477,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1**
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1**
@@ -505,11 +505,11 @@ ADMX Info:
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store.
-This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying a .rdp file).
+This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying a .rdp file).
-If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
+If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
-If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.
+If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.
>[!NOTE]
>You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
@@ -517,7 +517,7 @@ If you disable this policy setting, users can't run .rdp files that are signed w
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings*
- GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -529,7 +529,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2**
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2**
@@ -555,13 +555,13 @@ ADMX Info:
-This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store.
+This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store.
-This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection (RDC) client without specifying a .rdp file).
+This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection (RDC) client without specifying a .rdp file).
-If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
+If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
-If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.
+If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.
>[!NOTE]
>You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
@@ -569,7 +569,7 @@ If you disable this policy setting, users can't run .rdp files that are signed w
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings*
- GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -582,7 +582,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1**
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1**
@@ -608,16 +608,16 @@ ADMX Info:
-This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.
+This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.
-If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.
+If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.
If you disable this policy setting, users can't run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow .rdp files from unknown publishers*
- GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -630,7 +630,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2**
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2**
@@ -656,16 +656,16 @@ ADMX Info:
-This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.
+This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.
-If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.
+If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.
If you disable this policy setting, users can't run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow .rdp files from unknown publishers*
- GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -678,7 +678,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_AUDIO**
+**ADMX_TerminalServer/TS_CLIENT_AUDIO**
@@ -704,20 +704,20 @@ ADMX Info:
-This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.
+This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.
-Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the video playback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled.
+Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the video playback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled.
-By default, audio and video playback redirection isn't allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional.
+By default, audio and video playback redirection isn't allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional.
-If you enable this policy setting, audio and video playback redirection is allowed.
+If you enable this policy setting, audio and video playback redirection is allowed.
If you disable this policy setting, audio and video playback redirection isn't allowed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file. If you don't configure this policy setting, audio and video playback redirection isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow audio and video playback redirection*
- GP name: *TS_CLIENT_AUDIO*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -730,7 +730,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE**
+**ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE**
@@ -758,16 +758,16 @@ ADMX Info:
This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session. Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC).
-Users can record audio by using an audio input device on the local computer, such as a built-in microphone. By default, audio recording redirection isn't allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2.
+Users can record audio by using an audio input device on the local computer, such as a built-in microphone. By default, audio recording redirection isn't allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2.
-If you enable this policy setting, audio recording redirection is allowed.
+If you enable this policy setting, audio recording redirection is allowed.
If you disable this policy setting, audio recording redirection isn't allowed, even if audio recording redirection is specified in RDC. If you don't configure this policy setting, Audio recording redirection isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow audio recording redirection*
- GP name: *TS_CLIENT_AUDIO_CAPTURE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -780,7 +780,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY**
+**ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY**
@@ -808,18 +808,18 @@ ADMX Info:
This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links. If you enable this policy setting, you must select one of the following values: High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This audio transmission requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used.
-If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection. The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer.
+If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection. The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer.
-For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used.
+For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used.
-Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic.
+Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic.
If you disable or don't configure this policy setting, audio playback quality will be set to Dynamic.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit audio playback quality*
- GP name: *TS_CLIENT_AUDIO_QUALITY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -832,7 +832,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_CLIPBOARD**
+**ADMX_TerminalServer/TS_CLIENT_CLIPBOARD**
@@ -858,20 +858,20 @@ ADMX Info:
-This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.
+This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.
-You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection.
+You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection.
-If you enable this policy setting, users can't redirect Clipboard data.
+If you enable this policy setting, users can't redirect Clipboard data.
-If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection.
+If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection.
If you don't configure this policy setting, Clipboard redirection isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Clipboard redirection*
- GP name: *TS_CLIENT_CLIPBOARD*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -884,7 +884,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_COM**
+**ADMX_TerminalServer/TS_CLIENT_COM**
@@ -910,20 +910,20 @@ ADMX Info:
-This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.
+This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.
-You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they're logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection.
+You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they're logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection.
-If you enable this policy setting, users can't redirect server data to the local COM port.
+If you enable this policy setting, users can't redirect server data to the local COM port.
-If you disable this policy setting, Remote Desktop Services always allows COM port redirection.
+If you disable this policy setting, Remote Desktop Services always allows COM port redirection.
If you don't configure this policy setting, COM port redirection isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow COM port redirection*
- GP name: *TS_CLIENT_COM*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -936,7 +936,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_DEFAULT_M**
+**ADMX_TerminalServer/TS_CLIENT_DEFAULT_M**
@@ -962,20 +962,20 @@ ADMX Info:
-This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.
+This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.
-By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior.
+By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior.
-If you enable this policy setting, the default printer is the printer specified on the remote computer.
+If you enable this policy setting, the default printer is the printer specified on the remote computer.
-If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection.
+If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection.
If you don't configure this policy setting, the default printer isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not set default client printer to be default printer in a session*
- GP name: *TS_CLIENT_DEFAULT_M*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
@@ -988,7 +988,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE**
+**ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE**
@@ -1014,16 +1014,16 @@ ADMX Info:
-This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available.
+This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available.
-If you use this setting, the Remote Desktop Client will use only software decoding. For example, if you've a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you'll know that there are more issues to investigate.
+If you use this setting, the Remote Desktop Client will use only software decoding. For example, if you've a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you'll know that there are more issues to investigate.
If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accelerated decoding if supported hardware is available.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow hardware accelerated decoding*
- GP name: *TS_CLIENT_DISABLE_HARDWARE_MODE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -1036,7 +1036,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1**
+**ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1**
@@ -1062,7 +1062,7 @@ ADMX Info:
-This policy specifies whether to allow Remote Desktop Connection Controls whether a user can save passwords using Remote Desktop Connection.
+This policy specifies whether to allow Remote Desktop Connection Controls whether a user can save passwords using Remote Desktop Connection.
If you enable this setting, the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When users open an RDP file using Remote Desktop Connection and save their settings, any password that previously existed in the RDP file will be deleted.
@@ -1071,7 +1071,7 @@ If you disable this setting or leave it not configured, the user will be able to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow passwords to be saved*
- GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -1084,7 +1084,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_LPT**
+**ADMX_TerminalServer/TS_CLIENT_LPT**
@@ -1110,16 +1110,16 @@ ADMX Info:
-This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection.
+This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection.
-If you enable this policy setting, users in a Remote Desktop Services session can't redirect server data to the local LPT port.
+If you enable this policy setting, users in a Remote Desktop Services session can't redirect server data to the local LPT port.
If you disable this policy setting, LPT port redirection is always allowed. If you don't configure this policy setting, LPT port redirection isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow LPT port redirection*
- GP name: *TS_CLIENT_LPT*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -1132,7 +1132,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_PNP**
+**ADMX_TerminalServer/TS_CLIENT_PNP**
@@ -1158,11 +1158,11 @@ ADMX Info:
-This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services doesn't allow redirection of supported Plug and Play and RemoteFX USB devices.
+This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services doesn't allow redirection of supported Plug and Play and RemoteFX USB devices.
-If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer.
+If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer.
-If you enable this policy setting, users can't redirect their supported Plug and Play devices to the remote computer. If you don't configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it's running Windows Server 2012 R2 and earlier versions.
+If you enable this policy setting, users can't redirect their supported Plug and Play devices to the remote computer. If you don't configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it's running Windows Server 2012 R2 and earlier versions.
>[!NOTE]
>You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings.
@@ -1170,7 +1170,7 @@ If you enable this policy setting, users can't redirect their supported Plug and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow supported Plug and Play device redirection*
- GP name: *TS_CLIENT_PNP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -1183,7 +1183,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_PRINTER**
+**ADMX_TerminalServer/TS_CLIENT_PRINTER**
@@ -1209,18 +1209,18 @@ ADMX Info:
-This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions. You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping.
+This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions. You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping.
-If you enable this policy setting, users can't redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions.
+If you enable this policy setting, users can't redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions.
-If you disable this policy setting, users can redirect print jobs with client printer mapping.
+If you disable this policy setting, users can redirect print jobs with client printer mapping.
If you don't configure this policy setting, client printer mapping isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow client printer redirection*
- GP name: *TS_CLIENT_PRINTER*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
@@ -1233,7 +1233,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1**
+**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1**
@@ -1259,23 +1259,23 @@ ADMX Info:
-This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.
+This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.
-If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.
+If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.
-If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher.
+If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher.
>[!NOTE]
->You can define this policy setting in the Computer Configuration node or in the User Configuration node.
+>You can define this policy setting in the Computer Configuration node or in the User Configuration node.
-If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
+If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that isn't a certificate thumbprint, it's ignored.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers*
- GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -1288,7 +1288,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2**
+**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2**
@@ -1314,23 +1314,23 @@ ADMX Info:
-This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.
+This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.
-If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.
+If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.
-If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher.
+If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher.
>[!NOTE]
->You can define this policy setting in the Computer Configuration node or in the User Configuration node.
+>You can define this policy setting in the Computer Configuration node or in the User Configuration node.
-If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
+If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that isn't a certificate thumbprint, it's ignored.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers*
- GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -1343,7 +1343,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP**
+**ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP**
@@ -1369,16 +1369,16 @@ ADMX Info:
-This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol.
+This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol.
-If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol.
+If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol.
If you disable or don't configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn Off UDP On Client*
- GP name: *TS_CLIENT_TURN_OFF_UDP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -1391,7 +1391,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_COLORDEPTH**
+**ADMX_TerminalServer/TS_COLORDEPTH**
@@ -1417,24 +1417,24 @@ ADMX Info:
-This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections. You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load.
+This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections. You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load.
-If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used.
+If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used.
-If you disable or don't configure this policy setting, the color depth for connections isn't specified at the Group Policy level.
+If you disable or don't configure this policy setting, the color depth for connections isn't specified at the Group Policy level.
>[!NOTE]
-> 1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional.
->2. The value specified in this policy setting isn't applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections.
->3. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format:
-> - a. Value specified by this policy setting
-> - b. Maximum color depth supported by the client
+> 1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional.
+>2. The value specified in this policy setting isn't applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections.
+>3. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format:
+> - a. Value specified by this policy setting
+> - b. Maximum color depth supported by the client
> - c. Value requested by the client If the client doesn't support at least 16 bits, the connection is terminated.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit maximum color depth*
- GP name: *TS_COLORDEPTH*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -1447,7 +1447,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES**
+**ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES**
@@ -1473,21 +1473,21 @@ ADMX Info:
-This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed.
+This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed.
>[!NOTE]
->If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles.
+>If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles.
If you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile cache is checked.
-When the size of the entire roaming user profile cache exceeds the maximum size that you've specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified.
+When the size of the entire roaming user profile cache exceeds the maximum size that you've specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified.
If you disable or don't configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the local drive. Note: This policy setting is ignored if the "Prevent Roaming Profile changes from propagating to the server" policy setting located in Computer Configuration\Policies\Administrative Templates\System\User Profiles is enabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the size of the entire roaming user profile cache*
- GP name: *TS_DELETE_ROAMING_USER_PROFILES*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
@@ -1500,7 +1500,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER**
+**ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER**
@@ -1526,18 +1526,18 @@ ADMX Info:
-This policy specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.
+This policy specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.
-You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 don't display wallpaper by default to Remote Desktop Services sessions.
+You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 don't display wallpaper by default to Remote Desktop Services sessions.
-If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session.
+If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session.
If the status is set to Disabled, wallpaper might appear in a Remote Desktop Services session, depending on the client configuration. If the status is set to Not Configured, the default behavior applies.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enforce Removal of Remote Desktop Wallpaper*
- GP name: *TS_DISABLE_REMOTE_DESKTOP_WALLPAPER*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -1549,7 +1549,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU**
+**ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU**
@@ -1575,11 +1575,11 @@ ADMX Info:
-This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter.
+This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter.
-If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter.
+If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter.
-If you don't configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default.
+If you don't configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default.
>[!NOTE]
>The policy setting enables load-balancing of graphics processing units (GPU) on a computer with more than one GPU installed. The GPU configuration of the local session isn't affected by this policy setting.
@@ -1587,7 +1587,7 @@ If you don't configure this policy setting, Remote Desktop Services sessions on
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use hardware graphics adapters for all Remote Desktop Services sessions*
- GP name: *TS_DX_USE_FULL_HWGPU*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -1600,7 +1600,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_EASY_PRINT**
+**ADMX_TerminalServer/TS_EASY_PRINT**
@@ -1626,11 +1626,11 @@ ADMX Info:
-This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
+This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
-If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session.
+If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session.
-If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session.
+If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session.
>[!NOTE]
>If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.
@@ -1638,7 +1638,7 @@ If you disable this policy setting, the RD Session Host server tries to find a s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use Remote Desktop Easy Print printer driver first*
- GP name: *TS_EASY_PRINT*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
@@ -1651,7 +1651,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_EASY_PRINT_User**
+**ADMX_TerminalServer/TS_EASY_PRINT_User**
@@ -1677,11 +1677,11 @@ ADMX Info:
-This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
+This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
-If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session.
+If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session.
-If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session.
+If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session.
>[!NOTE]
>If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.
@@ -1689,7 +1689,7 @@ If you disable this policy setting, the RD Session Host server tries to find a s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use Remote Desktop Easy Print printer driver first*
- GP name: *TS_EASY_PRINT_User*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
@@ -1702,7 +1702,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_EnableVirtualGraphics**
+**ADMX_TerminalServer/TS_EnableVirtualGraphics**
@@ -1728,20 +1728,20 @@ ADMX Info:
-This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs).
+This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs).
-By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.
+By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.
-If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.
+If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.
-If you disable this policy setting, RemoteFX will be disabled.
+If you disable this policy setting, RemoteFX will be disabled.
If you don't configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure RemoteFX*
- GP name: *TS_EnableVirtualGraphics*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
@@ -1754,7 +1754,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE**
+**ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE**
@@ -1780,16 +1780,16 @@ ADMX Info:
-This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server doesn't have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session.
+This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server doesn't have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session.
-If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one isn't found, the client's printer isn't available. You can choose to change this default behavior. The available options are:
+If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one isn't found, the client's printer isn't available. You can choose to change this default behavior. The available options are:
-- **Do nothing if one is not found** - If there's a printer driver mismatch, the server will attempt to find a suitable driver. If one isn't found, the client's printer isn't available. This behavior is the default behavior.
-- **Default to PCL if one is not found** - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver.
-- **Default to PS if one is not found**- If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver.
-- **Show both PCL and PS if one is not found**- If no suitable driver can be found, show both PS and PCL-based fallback printer drivers.
+- **Do nothing if one is not found** - If there's a printer driver mismatch, the server will attempt to find a suitable driver. If one isn't found, the client's printer isn't available. This behavior is the default behavior.
+- **Default to PCL if one is not found** - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver.
+- **Default to PS if one is not found**- If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver.
+- **Show both PCL and PS if one is not found**- If no suitable driver can be found, show both PS and PCL-based fallback printer drivers.
-If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server won't attempt to use the fallback printer driver. If you don't configure this policy setting, the fallback printer driver behavior is off by default.
+If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server won't attempt to use the fallback printer driver. If you don't configure this policy setting, the fallback printer driver behavior is off by default.
>[!NOTE]
>If the **Do not allow client printer redirection** setting is enabled, this policy setting is ignored and the fallback printer driver is disabled.
@@ -1797,7 +1797,7 @@ If you disable this policy setting, the RD Session Host server fallback driver i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify RD Session Host server fallback printer driver behavior*
- GP name: *TS_FALLBACKPRINTDRIVERTYPE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
@@ -1810,7 +1810,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_FORCIBLE_LOGOFF**
+**ADMX_TerminalServer/TS_FORCIBLE_LOGOFF**
@@ -1836,11 +1836,11 @@ ADMX Info:
-This policy setting determines whether an administrator attempting to connect remotely to the console of a server can sign out an administrator currently signed in to the console. This policy is useful when the currently connected administrator doesn't want to be signed out by another administrator. If the connected administrator is signed out, any data not previously saved is lost.
+This policy setting determines whether an administrator attempting to connect remotely to the console of a server can sign out an administrator currently signed in to the console. This policy is useful when the currently connected administrator doesn't want to be signed out by another administrator. If the connected administrator is signed out, any data not previously saved is lost.
-If you enable this policy setting, signing out the connected administrator isn't allowed.
+If you enable this policy setting, signing out the connected administrator isn't allowed.
-If you disable or don't configure this policy setting, signing out the connected administrator is allowed.
+If you disable or don't configure this policy setting, signing out the connected administrator is allowed.
>[!NOTE]
>The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line.
@@ -1848,7 +1848,7 @@ If you disable or don't configure this policy setting, signing out the connected
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Deny logoff of an administrator logged in to the console session*
- GP name: *TS_FORCIBLE_LOGOFF*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -1913,7 +1913,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD**
+**ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD**
@@ -1939,11 +1939,11 @@ ADMX Info:
-This policy specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting.
+This policy specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting.
-By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
+By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
-To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you enable this setting, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default.
+To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you enable this setting, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default.
If you disable or don't configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authentication method isn't specified, the Negotiate protocol that is enabled on the client or a smart card can be used for authentication.
@@ -1952,7 +1952,7 @@ If you disable or don't configure this policy setting, the authentication method
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set RD Gateway authentication method*
- GP name: *TS_GATEWAY_POLICY_AUTH_METHOD*
- GP path: *Windows Components\Remote Desktop Services\RD Gateway*
@@ -1963,7 +1963,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER**
+**ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER**
@@ -1989,16 +1989,16 @@ ADMX Info:
-This policy specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting.
+This policy specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting.
-By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
+By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
>[!NOTE]
->It's highly recommended that you also specify the authentication method by using the **Set RD Gateway authentication method** policy setting. If you don't specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used.
+>It's highly recommended that you also specify the authentication method by using the **Set RD Gateway authentication method** policy setting. If you don't specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used.
-To allow users to overwrite the **Set RD Gateway server address** policy setting and connect to another RD Gateway server, you must select the **Allow users to change this setting** check box and users will be allowed to specify an alternate RD Gateway server.
+To allow users to overwrite the **Set RD Gateway server address** policy setting and connect to another RD Gateway server, you must select the **Allow users to change this setting** check box and users will be allowed to specify an alternate RD Gateway server.
-Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default.
+Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default.
>[!NOTE]
>If you disable or don't configure this policy setting, but enable the **Enable connections through RD Gateway** policy setting, client connection attempts to any remote computer will fail, if the client can't connect directly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.
@@ -2006,7 +2006,7 @@ Users can specify an alternative RD Gateway server by configuring settings on th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set RD Gateway server address*
- GP name: *TS_GATEWAY_POLICY_SERVER*
- GP path: *Windows Components\Remote Desktop Services\RD Gateway*
@@ -2018,7 +2018,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY**
+**ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY**
@@ -2044,22 +2044,22 @@ ADMX Info:
-This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server.
+This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server.
-If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting.
+If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting.
-If you disable this policy setting, the server doesn't join a farm in RD Connection Broker, and user session tracking isn't performed. If the policy setting is disabled, you can't use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker.
+If you disable this policy setting, the server doesn't join a farm in RD Connection Broker, and user session tracking isn't performed. If the policy setting is disabled, you can't use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker.
-If the policy setting isn't configured, the policy setting isn't specified at the Group Policy level.
+If the policy setting isn't configured, the policy setting isn't specified at the Group Policy level.
->[!NOTE]
->1. If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings.
+>[!NOTE]
+>1. If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings.
>2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Join RD Connection Broker*
- GP name: *TS_JOIN_SESSION_DIRECTORY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
@@ -2072,7 +2072,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_KEEP_ALIVE**
+**ADMX_TerminalServer/TS_KEEP_ALIVE**
@@ -2098,18 +2098,18 @@ ADMX Info:
-This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state.
+This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state.
-After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client signs in to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active.
+After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client signs in to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active.
-If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999.
+If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999.
If you disable or don't configure this policy setting, a keep-alive interval isn't set and the server won't check the session state.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure keep-alive connection interval*
- GP name: *TS_KEEP_ALIVE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -2122,7 +2122,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_LICENSE_SECGROUP**
+**ADMX_TerminalServer/TS_LICENSE_SECGROUP**
@@ -2148,13 +2148,13 @@ ADMX Info:
-This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).
+This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).
-You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one.
+You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one.
-If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty.
+If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty.
-If you disable or don't configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group isn't deleted or changed in any way by disabling or not configuring this policy setting.
+If you disable or don't configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group isn't deleted or changed in any way by disabling or not configuring this policy setting.
>[!NOTE]
>You should only enable this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain.
@@ -2162,7 +2162,7 @@ If you disable or don't configure this policy setting, the Remote Desktop licens
-ADMX Info:
+ADMX Info:
- GP Friendly name: *License server security group*
- GP name: *TS_LICENSE_SECGROUP*
- GP path: *Windows Components\Remote Desktop Services\RD Licensing*
@@ -2175,7 +2175,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_LICENSE_SERVERS**
+**ADMX_TerminalServer/TS_LICENSE_SERVERS**
@@ -2201,20 +2201,20 @@ ADMX Info:
-This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.
+This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.
-If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers can't be located, the RD Session Host server will attempt automatic license server discovery.
+If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers can't be located, the RD Session Host server will attempt automatic license server discovery.
+
+In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order:
+1. Remote Desktop license servers that are published in Active Directory Domain Services.
+2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server.
-In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order:
-1. Remote Desktop license servers that are published in Active Directory Domain Services.
-2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server.
-
1If you disable or don't configure this policy setting, the RD Session Host server doesn't specify a license server at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use the specified Remote Desktop license servers*
- GP name: *TS_LICENSE_SERVERS*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
@@ -2227,7 +2227,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_LICENSE_TOOLTIP**
+**ADMX_TerminalServer/TS_LICENSE_TOOLTIP**
@@ -2253,18 +2253,18 @@ ADMX Info:
-This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.
+This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.
-By default, notifications are displayed on an RD Session Host server after you sign in as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire.
+By default, notifications are displayed on an RD Session Host server after you sign in as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire.
-If you enable this policy setting, these notifications won't be displayed on the RD Session Host server.
+If you enable this policy setting, these notifications won't be displayed on the RD Session Host server.
If you disable or don't configure this policy setting, these notifications will be displayed on the RD Session Host server after you sign in as a local administrator.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide notifications about RD Licensing problems that affect the RD Session Host server*
- GP name: *TS_LICENSE_TOOLTIP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
@@ -2277,7 +2277,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_LICENSING_MODE**
+**ADMX_TerminalServer/TS_LICENSING_MODE**
@@ -2303,21 +2303,21 @@ ADMX Info:
-This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.
+This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.
-You can use this policy setting to select one of three licensing modes: Per User, Per Device, and Azure Active Directory Per User.
-- Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server.
-- Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server.
-- Azure AD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in Azure AD.
+You can use this policy setting to select one of three licensing modes: Per User, Per Device, and Azure Active Directory Per User.
+- Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server.
+- Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server.
+- Azure AD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in Azure AD.
-If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host.
+If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host.
If you disable or don't configure this policy setting, the licensing mode isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set the Remote Desktop licensing mode*
- GP name: *TS_LICENSING_MODE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
@@ -2330,7 +2330,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_MAX_CON_POLICY**
+**ADMX_TerminalServer/TS_MAX_CON_POLICY**
@@ -2356,23 +2356,23 @@ ADMX Info:
-This policy specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, other users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources.
+This policy specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, other users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources.
-By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions.
+By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions.
-To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999.
+To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999.
-If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server.
+If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server.
-If the status is set to Disabled or Not Configured, limits to the number of connections aren't enforced at the Group Policy level.
+If the status is set to Disabled or Not Configured, limits to the number of connections aren't enforced at the Group Policy level.
->[!NOTE]
+>[!NOTE]
>This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed).
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit number of connections*
- GP name: *TS_MAX_CON_POLICY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -2385,7 +2385,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_MAXDISPLAYRES**
+**ADMX_TerminalServer/TS_MAXDISPLAYRES**
@@ -2411,16 +2411,16 @@ ADMX Info:
-This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load.
+This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load.
-If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session.
+If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session.
If you disable or don't configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit maximum display resolution*
- GP name: *TS_MAXDISPLAYRES*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -2433,7 +2433,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_MAXMONITOR**
+**ADMX_TerminalServer/TS_MAXMONITOR**
@@ -2459,16 +2459,16 @@ ADMX Info:
-This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load.
+This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load.
-If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16.
+If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16.
If you disable or don't configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit number of monitors*
- GP name: *TS_MAXMONITOR*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -2481,7 +2481,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_NoDisconnectMenu**
+**ADMX_TerminalServer/TS_NoDisconnectMenu**
@@ -2507,21 +2507,21 @@ ADMX Info:
-This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions. You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.
+This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions. You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.
-If you enable this policy setting, "Disconnect" doesn't appear as an option in the drop-down list in the Shut Down Windows dialog box.
+If you enable this policy setting, "Disconnect" doesn't appear as an option in the drop-down list in the Shut Down Windows dialog box.
-If you disable or don't configure this policy setting, "Disconnect" isn't removed from the list in the Shut Down Windows dialog box.
+If you disable or don't configure this policy setting, "Disconnect" isn't removed from the list in the Shut Down Windows dialog box.
>[!NOTE]
->This policy setting affects only the Shut Down Windows dialog box. It doesn't prevent users from using other methods to disconnect from a Remote Desktop Services session.
+>This policy setting affects only the Shut Down Windows dialog box. It doesn't prevent users from using other methods to disconnect from a Remote Desktop Services session.
This policy setting also doesn't prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the **Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected sessions** policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Disconnect" option from Shut Down dialog*
- GP name: *TS_NoDisconnectMenu*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -2534,7 +2534,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_NoSecurityMenu**
+**ADMX_TerminalServer/TS_NoSecurityMenu**
@@ -2560,16 +2560,16 @@ ADMX Info:
-This policy specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.
+This policy specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.
-If the status is set to Enabled, Windows Security doesn't appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer.
+If the status is set to Enabled, Windows Security doesn't appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer.
If the status is set to Disabled or Not Configured, Windows Security remains in the Settings menu.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Windows Security item from Start menu*
- GP name: *TS_NoSecurityMenu*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -2582,7 +2582,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_PreventLicenseUpgrade**
+**ADMX_TerminalServer/TS_PreventLicenseUpgrade**
@@ -2608,22 +2608,22 @@ ADMX Info:
-This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.
+This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.
-A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003.
+A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003.
-By default, if the most appropriate RDS CAL isn't available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following types of clients:
-- A client connecting to a Windows Server 2003 terminal server
-- A client connecting to a Windows 2000 terminal server
+By default, if the most appropriate RDS CAL isn't available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following types of clients:
+- A client connecting to a Windows Server 2003 terminal server
+- A client connecting to a Windows 2000 terminal server
-If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server isn't available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client won't be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server hasn't expired.
+If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server isn't available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client won't be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server hasn't expired.
If you disable or don't configure this policy setting, the license server will exhibit the default behavior noted earlier.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent license upgrade*
- GP name: *TS_PreventLicenseUpgrade*
- GP path: *Windows Components\Remote Desktop Services\RD Licensing*
@@ -2636,7 +2636,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP**
+**ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP**
@@ -2662,21 +2662,21 @@ ADMX Info:
-This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.
+This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.
-If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user won't be prompted to provide credentials.
+If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user won't be prompted to provide credentials.
->[!NOTE]
->If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration.
+>[!NOTE]
+>If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration.
-If you disable or don't configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server.
+If you disable or don't configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server.
For Windows Server 2003 and Windows 2000 Server, a user will be prompted on the terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prompt for credentials on the client computer*
- GP name: *TS_PROMT_CREDS_CLIENT_COMP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -2689,7 +2689,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_RADC_DefaultConnection**
+**ADMX_TerminalServer/TS_RADC_DefaultConnection**
@@ -2716,11 +2716,11 @@ ADMX Info:
-This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx).
+This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx).
-- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user can't change the default connection URL. The user's default sign-in credentials are used when setting up the default connection URL.
+- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user can't change the default connection URL. The user's default sign-in credentials are used when setting up the default connection URL.
-- If you disable or don't configure this policy setting, the user has no default connection URL.
+- If you disable or don't configure this policy setting, the user has no default connection URL.
RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untrusted server can compromise the security of a user's account.
@@ -2729,7 +2729,7 @@ RemoteApp programs that are installed through RemoteApp and Desktop Connections
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify default connection URL*
- GP name: *TS_RADC_DefaultConnection*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -2740,7 +2740,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration**
+**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration**
@@ -2767,9 +2767,9 @@ ADMX Info:
-This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete.
+This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete.
-- If you enable this policy setting, user sign in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers.
+- If you enable this policy setting, user sign in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers.
- If you disable or don't configure this policy setting, the Start screen is shown and apps are registered in the background.
@@ -2778,7 +2778,7 @@ This policy setting allows you to specify whether the app registration is comple
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Suspend user sign-in to complete app registration*
- GP name: *TS_RDSAppX_WaitForRegistration*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -2789,7 +2789,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_RemoteControl_1**
+**ADMX_TerminalServer/TS_RemoteControl_1**
@@ -2816,7 +2816,7 @@ ADMX Info:
-This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
+This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service.
@@ -2825,7 +2825,7 @@ To make changes to this setting effective, you must restart Volume Shadow Copy (
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers*
- GP name: *TS_RemoteControl_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -2836,7 +2836,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_RemoteControl_2**
+**ADMX_TerminalServer/TS_RemoteControl_2**
@@ -2863,7 +2863,7 @@ ADMX Info:
-This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
+This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service.
@@ -2872,7 +2872,7 @@ To make changes to this setting effective, you must restart Volume Shadow Copy (
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers*
- GP name: *TS_RemoteControl_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -2883,7 +2883,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics**
+**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics**
@@ -2910,19 +2910,19 @@ ADMX Info:
-This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate.
+This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate.
-You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed).
-If you've a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality.
-
-By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions.
+You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed).
+If you've a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality.
+
+By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions.
If you disable or don't configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior).
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Optimize visual experience when using RemoteFX*
- GP name: *TS_RemoteDesktopVirtualGraphics*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
@@ -2934,7 +2934,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SD_ClustName**
+**ADMX_TerminalServer/TS_SD_ClustName**
@@ -2960,13 +2960,13 @@ ADMX Info:
-This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm.
+This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm.
-Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name doesn't have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker.
+Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name doesn't have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker.
-- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker.
+- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker.
-- If you disable or don't configure this policy setting, the farm name isn't specified at the Group Policy level.
+- If you disable or don't configure this policy setting, the farm name isn't specified at the Group Policy level.
> [!NOTE]
> This policy setting isn't effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy.
@@ -2976,7 +2976,7 @@ For Windows Server 2008, this policy setting is supported on at least Windows Se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure RD Connection Broker farm name*
- GP name: *TS_SD_ClustName*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
@@ -2987,7 +2987,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS**
+**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS**
@@ -3013,13 +3013,13 @@ ADMX Info:
-This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server.
+This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server.
-- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm.
+- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm.
-- If you disable this policy setting, the IP address of the RD Session Host server isn't sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you don't want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm.
+- If you disable this policy setting, the IP address of the RD Session Host server isn't sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you don't want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm.
-If you don't configure this policy setting, the Use IP address redirection policy setting isn't enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default.
+If you don't configure this policy setting, the Use IP address redirection policy setting isn't enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default.
> [!NOTE]
> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
@@ -3027,7 +3027,7 @@ If you don't configure this policy setting, the Use IP address redirection polic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use IP Address Redirection*
- GP name: *TS_SD_EXPOSE_ADDRESS*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
@@ -3038,7 +3038,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SD_Loc**
+**ADMX_TerminalServer/TS_SD_Loc**
@@ -3064,10 +3064,10 @@ ADMX Info:
-This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm.
-The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server.
+This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm.
+The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server.
-- If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers.
+- If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers.
- If you disable or don't configure this policy setting, the policy setting isn't specified at the Group Policy level.
@@ -3081,7 +3081,7 @@ The specified server must be running the Remote Desktop Connection Broker servic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure RD Connection Broker server name*
- GP name: *TS_SD_Loc*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
@@ -3093,7 +3093,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY**
+**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY**
@@ -3119,22 +3119,22 @@ ADMX Info:
-This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections.
+This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections.
-- If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting.
+- If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting.
-The following security methods are available:
+The following security methods are available:
-- **Negotiate**: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it's used to authenticate the RD Session Host server. If TLS isn't supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended.
-- **RDP**: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended.
-- **SSL (TLS 1.0)**: The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS isn't supported, the connection fails. This enablement is the recommended setting for this policy.
+- **Negotiate**: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it's used to authenticate the RD Session Host server. If TLS isn't supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended.
+- **RDP**: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended.
+- **SSL (TLS 1.0)**: The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS isn't supported, the connection fails. This enablement is the recommended setting for this policy.
If you disable or don't configure this policy setting, the security method to be used for remote connections to RD Session Host servers isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Require use of specific security layer for remote (RDP) connections*
- GP name: *TS_SECURITY_LAYER_POLICY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
@@ -3146,7 +3146,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT**
+**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT**
@@ -3172,21 +3172,21 @@ ADMX Info:
-This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).
-You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect.
+This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).
+You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect.
-- If you disable Connect Time Detect, Remote Desktop Protocol won't determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection.
+- If you disable Connect Time Detect, Remote Desktop Protocol won't determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection.
-- If you disable Continuous Network Detect, Remote Desktop Protocol won't try to adapt the remote user experience to varying network quality.
+- If you disable Continuous Network Detect, Remote Desktop Protocol won't try to adapt the remote user experience to varying network quality.
-- If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol won't try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it won't try to adapt the user experience to varying network quality.
+- If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol won't try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it won't try to adapt the user experience to varying network quality.
- If you disable or don't configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Select network detection on the server*
- GP name: *TS_SELECT_NETWORK_DETECT*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -3199,7 +3199,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SELECT_TRANSPORT**
+**ADMX_TerminalServer/TS_SELECT_TRANSPORT**
@@ -3225,18 +3225,18 @@ ADMX Info:
-This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.
+This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.
-- If you enable this policy setting, you must specify if you would like RDP to use UDP. You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)"
+- If you enable this policy setting, you must specify if you would like RDP to use UDP. You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)"
-If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. If the UDP connection isn't successful or if you select "Use only TCP," all of the RDP traffic will use TCP.
+If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. If the UDP connection isn't successful or if you select "Use only TCP," all of the RDP traffic will use TCP.
- If you disable or don't configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Select RDP transport protocols*
- GP name: *TS_SELECT_TRANSPORT*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -3249,7 +3249,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP**
+**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP**
@@ -3275,17 +3275,17 @@ ADMX Info:
-This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves.
-This policy setting applies only to RemoteApp programs and doesn't apply to remote desktop sessions.
+This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves.
+This policy setting applies only to RemoteApp programs and doesn't apply to remote desktop sessions.
-- If you enable or don't configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics.
+- If you enable or don't configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics.
- If you disable this policy setting, RemoteApp programs published from this RD Session Host server won't use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteApp programs don't support these advanced graphics.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use advanced RemoteFX graphics for RemoteApp*
- GP name: *TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3298,7 +3298,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_AUTH**
+**ADMX_TerminalServer/TS_SERVER_AUTH**
@@ -3324,20 +3324,20 @@ ADMX Info:
-This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client can't authenticate the RD Session Host server.
+This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client can't authenticate the RD Session Host server.
-- If you enable this policy setting, you must specify one of the following settings:
+- If you enable this policy setting, you must specify one of the following settings:
- - Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client can't authenticate the RD Session Host server.
- - Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server can't be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server.
- - don't connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated.
+ - Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client can't authenticate the RD Session Host server.
+ - Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server can't be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server.
+ - don't connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated.
- If you disable or don't configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client can't authenticate the RD Session Host server.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure server authentication for client*
- GP name: *TS_SERVER_AUTH*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -3350,7 +3350,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED**
+**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED**
@@ -3376,16 +3376,16 @@ ADMX Info:
-This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections.
+This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections.
-- When you enable hardware encoding, if an error occurs, we'll attempt to use software encoding.
+- When you enable hardware encoding, if an error occurs, we'll attempt to use software encoding.
- If you disable or don't configure this policy, we'll always use software encoding.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure H.264/AVC hardware encoding for Remote Desktop Connections*
- GP name: *TS_SERVER_AVC_HW_ENCODE_PREFERRED*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3398,7 +3398,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED**
+**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED**
@@ -3424,14 +3424,14 @@ ADMX Info:
-This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios.
+This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios.
When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections*
- GP name: *TS_SERVER_AVC444_MODE_PREFERRED*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3444,7 +3444,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_COMPRESSOR**
+**ADMX_TerminalServer/TS_SERVER_COMPRESSOR**
@@ -3470,22 +3470,22 @@ ADMX Info:
-This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, servers use an RDP compression algorithm that is based on the server's hardware configuration.
+This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, servers use an RDP compression algorithm that is based on the server's hardware configuration.
-- If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth.
+- If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth.
-If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth.
+If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth.
-In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you're using a hardware device that is designed to optimize network traffic.
+In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you're using a hardware device that is designed to optimize network traffic.
-Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed.
+Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed.
- If you disable or don't configure this policy setting, the default RDP compression algorithm will be used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure compression for RemoteFX data*
- GP name: *TS_SERVER_COMPRESSOR*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3498,7 +3498,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY**
+**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY**
@@ -3523,22 +3523,22 @@ ADMX Info:
-This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.
+This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.
-- If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes.
+- If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes.
-- If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality.
+- If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality.
-- If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth.
+- If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth.
-- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data isn't impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you enable this setting for specific cases only.
+- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data isn't impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you enable this setting for specific cases only.
- If you disable or don't configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure image quality for RemoteFX Adaptive Graphics*
- GP name: *TS_SERVER_IMAGE_QUALITY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3551,7 +3551,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_LEGACY_RFX**
+**ADMX_TerminalServer/TS_SERVER_LEGACY_RFX**
@@ -3576,18 +3576,18 @@ ADMX Info:
-This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.
+This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.
-When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.
+When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.
-- If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.
+- If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.
- If you disable this policy setting, RemoteFX will be disabled. If you don't configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure RemoteFX*
- GP name: *TS_SERVER_LEGACY_RFX*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
@@ -3600,7 +3600,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_PROFILE**
+**ADMX_TerminalServer/TS_SERVER_PROFILE**
@@ -3626,17 +3626,17 @@ ADMX Info:
-This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available network bandwidth.
+This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available network bandwidth.
-If you enable this policy setting, the RemoteFX experience could be set to one of the following options:
-1. Let the system choose the experience for the network condition
-2. Optimize for server scalability
+If you enable this policy setting, the RemoteFX experience could be set to one of the following options:
+1. Let the system choose the experience for the network condition
+2. Optimize for server scalability
3. Optimize for minimum bandwidth usage. If you disable or don't configure this policy setting, the RemoteFX experience will change dynamically based on the network condition."
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure RemoteFX Adaptive Graphics*
- GP name: *TS_SERVER_PROFILE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3649,7 +3649,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_VISEXP**
+**ADMX_TerminalServer/TS_SERVER_VISEXP**
@@ -3675,16 +3675,16 @@ ADMX Info:
-This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience. By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation.
+This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience. By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation.
-- If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text.
+- If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text.
- If you disable or don't configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Optimize visual experience for Remote Desktop Service Sessions*
- GP name: *TS_SERVER_VISEXP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
@@ -3697,7 +3697,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER**
+**ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER**
@@ -3723,16 +3723,16 @@ ADMX Info:
-This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections.
+This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections.
-- If you enable or don't configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver.
+- If you enable or don't configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver.
- If you disable this policy setting, Remote Desktop Connections won't use WDDM graphics display driver. In this case, the Remote Desktop Connections will use XDDM graphics display driver. For this change to take effect, you must restart Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use WDDM graphics display driver for Remote Desktop Connections*
- GP name: *TS_SERVER_WDDM_GRAPHICS_DRIVER*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3745,7 +3745,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_Session_End_On_Limit_1**
+**ADMX_TerminalServer/TS_Session_End_On_Limit_1**
@@ -3771,22 +3771,22 @@ ADMX Info:
-This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy.
+This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy.
-See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.
+See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.
-- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.
+- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.
-- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.
+- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.
-This policy setting only applies to time-out limits that are explicitly set by the administrator.
+This policy setting only applies to time-out limits that are explicitly set by the administrator.
This policy setting doesn't apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *End session when time limits are reached*
- GP name: *TS_Session_End_On_Limit_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -3799,7 +3799,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_Session_End_On_Limit_2**
+**ADMX_TerminalServer/TS_Session_End_On_Limit_2**
@@ -3825,22 +3825,22 @@ ADMX Info:
-This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy.
+This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy.
-See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.
+See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.
-- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.
+- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.
-- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.
+- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.
-This policy setting only applies to time-out limits that are explicitly set by the administrator.
+This policy setting only applies to time-out limits that are explicitly set by the administrator.
This policy setting doesn't apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *End session when time limits are reached*
- GP name: *TS_Session_End_On_Limit_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -3853,7 +3853,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1**
+**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1**
@@ -3879,12 +3879,12 @@ ADMX Info:
-This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.
-When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
+This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.
+When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
-- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply.
+- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply.
-- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.
+- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.
>[!NOTE]
> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
@@ -3892,7 +3892,7 @@ When a session is in a disconnected state, running programs are kept active even
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time limit for disconnected sessions*
- GP name: *TS_SESSIONS_Disconnected_Timeout_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -3905,7 +3905,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2**
+**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2**
@@ -3931,12 +3931,12 @@ ADMX Info:
-This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.
-When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
+This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.
+When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
-- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply.
+- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply.
-- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.
+- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.
>[!NOTE]
> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
@@ -3944,7 +3944,7 @@ When a session is in a disconnected state, running programs are kept active even
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time limit for disconnected sessions*
- GP name: *TS_SESSIONS_Disconnected_Timeout_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -3957,7 +3957,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1**
+**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1**
@@ -3983,13 +3983,13 @@ ADMX Info:
-This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected.
+This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected.
-- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply.
+- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply.
-- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.
+- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.
-If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
>[!NOTE]
> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
@@ -3997,7 +3997,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time limit for active but idle Remote Desktop Services sessions*
- GP name: *TS_SESSIONS_Idle_Limit_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -4010,7 +4010,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2**
+**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2**
@@ -4036,13 +4036,13 @@ ADMX Info:
-This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected.
+This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected.
-- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply.
+- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply.
-- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.
+- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.
-If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
>[!NOTE]
> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
@@ -4050,7 +4050,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time limit for active but idle Remote Desktop Services sessions*
- GP name: *TS_SESSIONS_Idle_Limit_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -4063,7 +4063,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SESSIONS_Limits_1**
+**ADMX_TerminalServer/TS_SESSIONS_Limits_1**
@@ -4089,13 +4089,13 @@ ADMX Info:
-This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected.
+This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected.
-- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply.
+- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply.
-- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.
+- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.
-If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
>[!NOTE]
> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
@@ -4104,7 +4104,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time limit for active Remote Desktop Services sessions*
- GP name: *TS_SESSIONS_Limits_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -4117,7 +4117,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SESSIONS_Limits_2**
+**ADMX_TerminalServer/TS_SESSIONS_Limits_2**
@@ -4143,13 +4143,13 @@ ADMX Info:
-This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected.
+This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected.
-- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply.
+- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply.
-- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.
+- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.
-If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
>[!NOTE]
> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
@@ -4158,7 +4158,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time limit for active Remote Desktop Services sessions*
- GP name: *TS_SESSIONS_Limits_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -4171,7 +4171,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SINGLE_SESSION**
+**ADMX_TerminalServer/TS_SINGLE_SESSION**
@@ -4197,9 +4197,9 @@ ADMX Info:
-This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server.
+This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server.
-If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in.
+If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in.
If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. If you don't configure this policy setting, this policy setting isn't specified at the Group Policy level.
@@ -4207,7 +4207,7 @@ If you disable this policy setting, users are allowed to make unlimited simultan
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session*
- GP name: *TS_SINGLE_SESSION*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -4220,7 +4220,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SMART_CARD**
+**ADMX_TerminalServer/TS_SMART_CARD**
@@ -4246,11 +4246,11 @@ ADMX Info:
-This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.
+This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.
-- If you enable this policy setting, Remote Desktop Services users can't use a smart card to sign in to a Remote Desktop Services session.
+- If you enable this policy setting, Remote Desktop Services users can't use a smart card to sign in to a Remote Desktop Services session.
-- If you disable or don't configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.
+- If you disable or don't configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.
>[!NOTE]
> The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain.
@@ -4258,7 +4258,7 @@ This policy setting allows you to control the redirection of smart card devices
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow smart card device redirection*
- GP name: *TS_SMART_CARD*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -4271,7 +4271,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_START_PROGRAM_1**
+**ADMX_TerminalServer/TS_START_PROGRAM_1**
@@ -4297,11 +4297,11 @@ ADMX Info:
-Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user.
+Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user.
-The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program.
+The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program.
-If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)
+If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)
>[!NOTE]
> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.
@@ -4309,7 +4309,7 @@ If you leave Working Directory blank, the program runs with its default working
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Start a program on connection*
- GP name: *TS_START_PROGRAM_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -4322,7 +4322,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_START_PROGRAM_2**
+**ADMX_TerminalServer/TS_START_PROGRAM_2**
@@ -4348,11 +4348,11 @@ ADMX Info:
-Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user.
+Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user.
-The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program.
+The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program.
-If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)
+If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)
>[!NOTE]
> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.
@@ -4360,7 +4360,7 @@ If you leave Working Directory blank, the program runs with its default working
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Start a program on connection*
- GP name: *TS_START_PROGRAM_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -4373,7 +4373,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_TEMP_DELETE**
+**ADMX_TerminalServer/TS_TEMP_DELETE**
@@ -4399,19 +4399,19 @@ ADMX Info:
-This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at sign out. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user signs out from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user signs out.
+This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at sign out. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user signs out from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user signs out.
-If you enable this policy setting, a user's per-session temporary folders are retained when the user signs out from a session.
+If you enable this policy setting, a user's per-session temporary folders are retained when the user signs out from a session.
+
+If you disable this policy setting, temporary folders are deleted when a user signs out, even if the server administrator specifies otherwise. If you don't configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at sign out, unless specified otherwise by the server administrator.
-If you disable this policy setting, temporary folders are deleted when a user signs out, even if the server administrator specifies otherwise. If you don't configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at sign out, unless specified otherwise by the server administrator.
-
>[!NOTE]
> This setting only takes effect if per-session temporary folders are in use on the server. If you enable the don't use temporary folders per session policy setting, this policy setting has no effect.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not delete temp folders upon exit*
- GP name: *TS_TEMP_DELETE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders*
@@ -4424,7 +4424,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_TEMP_PER_SESSION**
+**ADMX_TerminalServer/TS_TEMP_PER_SESSION**
@@ -4450,18 +4450,18 @@ ADMX Info:
-This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.
+This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.
-You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the session ID.
+You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the session ID.
-- If you enable this policy setting, per-session temporary folders aren't created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer.
+- If you enable this policy setting, per-session temporary folders aren't created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer.
- If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise. If you don't configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not use temporary folders per session*
- GP name: *TS_TEMP_PER_SESSION*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders*
@@ -4474,7 +4474,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_TIME_ZONE**
+**ADMX_TerminalServer/TS_TIME_ZONE**
@@ -4500,11 +4500,11 @@ ADMX Info:
-This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.
+This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.
-- If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone).
+- If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone).
-- If you disable or don't configure this policy setting, the client computer doesn't redirect its time zone information and the session time zone is the same as the server time zone.
+- If you disable or don't configure this policy setting, the client computer doesn't redirect its time zone information and the session time zone is the same as the server time zone.
>[!NOTE]
> Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later.
@@ -4512,7 +4512,7 @@ This policy setting allows you to specify whether the client computer redirects
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow time zone redirection*
- GP name: *TS_TIME_ZONE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -4525,7 +4525,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY**
+**ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY**
@@ -4551,11 +4551,11 @@ ADMX Info:
-This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes.
+This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes.
-- If you enable this policy setting, the default security descriptors for existing groups on the RD Session Host server can't be changed. All the security descriptors are read-only.
+- If you enable this policy setting, the default security descriptors for existing groups on the RD Session Host server can't be changed. All the security descriptors are read-only.
-- If you disable or don't configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider.
+- If you disable or don't configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider.
>[!NOTE]
> The preferred method of managing user access is by adding a user to the Remote Desktop Users group.
@@ -4563,7 +4563,7 @@ This policy setting specifies whether to disable the administrator rights to cus
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow local administrators to customize permissions*
- GP name: *TS_TSCC_PERMISSIONS_POLICY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
@@ -4576,7 +4576,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP**
+**ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP**
@@ -4602,11 +4602,11 @@ ADMX Info:
-This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy.
+This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy.
-- If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings.
+- If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings.
-- If you disable or don't configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program isn't specified, the desktop is always displayed on the remote computer after the client connects to the remote computer.
+- If you disable or don't configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program isn't specified, the desktop is always displayed on the remote computer after the client connects to the remote computer.
>[!NOTE]
> If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored.
@@ -4614,7 +4614,7 @@ This policy setting determines whether the desktop is always displayed after a c
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always show desktop on connection*
- GP name: *TS_TURNOFF_SINGLEAPP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -4627,7 +4627,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_UIA**
+**ADMX_TerminalServer/TS_UIA**
@@ -4653,18 +4653,18 @@ ADMX Info:
-This policy setting allows you to restrict users to a single Remote Desktop Services session.
+This policy setting allows you to restrict users to a single Remote Desktop Services session.
-If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in.
+If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in.
-- If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services.
+- If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services.
- If you don't configure this policy setting, this policy setting isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session*
- GP name: *TS_UIA*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -4677,7 +4677,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE**
+**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE**
@@ -4703,16 +4703,16 @@ ADMX Info:
-This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices won't be available for local usage on this computer.
+This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices won't be available for local usage on this computer.
-If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer.
+If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer.
If you disable or don't configure this policy setting, other supported RemoteFX USB devices aren't available for RDP redirection by using any user account. For this change to take effect, you must restart Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow RDP redirection of other supported RemoteFX USB devices from this computer*
- GP name: *TS_USB_REDIRECTION_DISABLE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection*
@@ -4725,7 +4725,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY**
+**ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY**
@@ -4751,18 +4751,18 @@ ADMX Info:
-This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process.
+This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process.
-- If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported.
+- If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported.
-- If you disable this policy setting, Network Level Authentication isn't required for user authentication before allowing remote connections to the RD Session Host server. If you don't configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default.
+- If you disable this policy setting, Network Level Authentication isn't required for user authentication before allowing remote connections to the RD Session Host server. If you don't configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default.
Disabling this policy setting provides less security because user authentication will occur later in the remote connection process.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Require user authentication for remote connections by using Network Level Authentication*
- GP name: *TS_USER_AUTHENTICATION_POLICY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
@@ -4775,7 +4775,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_USER_HOME**
+**ADMX_TerminalServer/TS_USER_HOME**
@@ -4801,20 +4801,20 @@ ADMX Info:
-This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.
+This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.
-- If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected.
+- If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected.
-If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected.
+If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected.
-- If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.
+- If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.
If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Server authentication certificate template*
- GP name: *TS_USER_HOME*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
@@ -4826,8 +4826,8 @@ ADMX Info:
-
-**ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES**
+
+**ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES**
@@ -4853,11 +4853,11 @@ ADMX Info:
-This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.
+This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.
-- If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile.
+- If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile.
-- If you disable or don't configure this policy setting, mandatory user profiles aren't used by users connecting remotely to the RD Session Host server.
+- If you disable or don't configure this policy setting, mandatory user profiles aren't used by users connecting remotely to the RD Session Host server.
For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting.
@@ -4865,7 +4865,7 @@ For this policy setting to take effect, you must also enable and configure the "
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use mandatory profiles on the RD Session Host server*
- GP name: *TS_USER_MANDATORY_PROFILES*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
@@ -4876,9 +4876,9 @@ ADMX Info:
-
+
-**ADMX_TerminalServer/TS_USER_PROFILES**
+**ADMX_TerminalServer/TS_USER_PROFILES**
@@ -4904,21 +4904,21 @@ ADMX Info:
-This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles. If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user.
+This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles. If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user.
-To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Don't specify a placeholder for the user account name, because Remote Desktop Services automatically adds this location when the user signs in and the profile is created.
+To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Don't specify a placeholder for the user account name, because Remote Desktop Services automatically adds this location when the user signs in and the profile is created.
-If the specified network share doesn't exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server.
+If the specified network share doesn't exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server.
-If you disable or don't configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box.
+If you disable or don't configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box.
-1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session.
+1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session.
2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set path for Remote Desktop Services Roaming User Profile*
- GP name: *TS_USER_PROFILES*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
index b8a2fd7483..89ee3b1b5c 100644
--- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md
+++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_Thumbnails.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/25/2020
ms.reviewer:
@@ -17,19 +17,19 @@ manager: aaroncz
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Thumbnails policies
+## ADMX_Thumbnails policies
@@ -41,7 +41,7 @@ manager: aaroncz
-**ADMX_Thumbnails/DisableThumbnails**
+**ADMX_Thumbnails/DisableThumbnails**
@@ -69,7 +69,7 @@ manager: aaroncz
This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.
-File Explorer displays thumbnail images by default.
+File Explorer displays thumbnail images by default.
If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images.
@@ -78,7 +78,7 @@ If you disable or do not configure this policy setting, File Explorer displays o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the display of thumbnails and only display icons.*
- GP name: *DisableThumbnails*
- GP path: *Windows Components\File Explorer*
@@ -89,7 +89,7 @@ ADMX Info:
-**ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders**
+**ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders**
@@ -126,7 +126,7 @@ If you disable or do not configure this policy setting, File Explorer displays o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the display of thumbnails and only display icons on network folders*
- GP name: *DisableThumbnailsOnNetworkFolders*
- GP path: *Windows Components\File Explorer*
@@ -137,7 +137,7 @@ ADMX Info:
-**ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders**
+**ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders**
@@ -172,9 +172,9 @@ If you enable this policy setting, File Explorer does not create, read from, or
If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files.
->
+>
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the caching of thumbnails in hidden thumbs.db files*
- GP name: *DisableThumbsDBOnNetworkFolders*
- GP path: *Windows Components\File Explorer*
diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md
index 776951f78d..4ca4f12b6f 100644
--- a/windows/client-management/mdm/policy-csp-admx-touchinput.md
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_TouchInput.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/23/2020
ms.reviewer:
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_TouchInput policies
+## ADMX_TouchInput policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_TouchInput/TouchInputOff_1**
+**ADMX_TouchInput/TouchInputOff_1**
@@ -71,13 +71,13 @@ manager: aaroncz
-This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
+This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
-If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
+If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
-If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
-If you don't configure this setting, touch input is on by default.
+If you don't configure this setting, touch input is on by default.
>[!NOTE]
> Changes to this setting won't take effect until the user signs out.
@@ -85,7 +85,7 @@ If you don't configure this setting, touch input is on by default.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Tablet PC touch input*
- GP name: *TouchInputOff_1*
- GP path: *Windows Components\Tablet PC\Touch Input*
@@ -94,7 +94,7 @@ ADMX Info:
-**ADMX_TouchInput/TouchInputOff_2**
+**ADMX_TouchInput/TouchInputOff_2**
@@ -120,13 +120,13 @@ ADMX Info:
-This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
+This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
-If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
+If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
-If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
-If you don't configure this setting, touch input is on by default.
+If you don't configure this setting, touch input is on by default.
>[!NOTE]
>Changes to this setting won't take effect until the user signs out.
@@ -134,7 +134,7 @@ If you don't configure this setting, touch input is on by default.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Tablet PC touch input*
- GP name: *TouchInputOff_2*
- GP path: *Windows Components\Tablet PC\Touch Input*
@@ -146,7 +146,7 @@ ADMX Info:
-**ADMX_TouchInput/PanningEverywhereOff_1**
+**ADMX_TouchInput/PanningEverywhereOff_1**
@@ -172,11 +172,11 @@ ADMX Info:
-This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
+This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
-If you enable this setting, the user won't be able to pan windows by touch.
+If you enable this setting, the user won't be able to pan windows by touch.
-If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
+If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
> [!NOTE]
> Changes to this setting won't take effect until the user logs off.
@@ -184,7 +184,7 @@ If you disable this setting, the user can pan windows by touch. If you don't con
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Touch Panning*
- GP name: *PanningEverywhereOff_1*
- GP path: *Windows Components\Tablet PC\Touch Input*
@@ -194,7 +194,7 @@ ADMX Info:
-**ADMX_TouchInput/PanningEverywhereOff_2**
+**ADMX_TouchInput/PanningEverywhereOff_2**
@@ -220,11 +220,11 @@ ADMX Info:
-This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
+This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
-If you enable this setting, the user won't be able to pan windows by touch.
+If you enable this setting, the user won't be able to pan windows by touch.
-If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
+If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
> [!NOTE]
> Changes to this setting won't take effect until the user logs off.
@@ -232,7 +232,7 @@ If you disable this setting, the user can pan windows by touch. If you don't con
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Touch Panning*
- GP name: *PanningEverywhereOff_2*
- GP path: *Windows Components\Tablet PC\Touch Input*
diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md
index 2e39f46e4f..a17ffa7fcc 100644
--- a/windows/client-management/mdm/policy-csp-admx-tpm.md
+++ b/windows/client-management/mdm/policy-csp-admx-tpm.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_TPM.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/25/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_TPM
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_TPM policies
+## ADMX_TPM policies
@@ -62,7 +62,7 @@ manager: aaroncz
-**ADMX_TPM/BlockedCommandsList_Name**
+**ADMX_TPM/BlockedCommandsList_Name**
@@ -97,7 +97,7 @@ If you disable or don't configure this policy setting, only those TPM commands s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the list of blocked TPM commands*
- GP name: *BlockedCommandsList_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -108,7 +108,7 @@ ADMX Info:
-**ADMX_TPM/ClearTPMIfNotReady_Name**
+**ADMX_TPM/ClearTPMIfNotReady_Name**
@@ -139,7 +139,7 @@ This policy setting configures the system to prompt the user to clear the TPM if
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the system to clear the TPM if it is not in a ready state.*
- GP name: *ClearTPMIfNotReady_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -150,7 +150,7 @@ ADMX Info:
-**ADMX_TPM/IgnoreDefaultList_Name**
+**ADMX_TPM/IgnoreDefaultList_Name**
@@ -182,12 +182,12 @@ If you enable this policy setting, Windows will ignore the computer's default li
The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Policy list of blocked TPM commands.
-If you disable or don't configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Policy and local lists of blocked TPM commands.
+If you disable or don't configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Policy and local lists of blocked TPM commands.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ignore the default list of blocked TPM commands*
- GP name: *IgnoreDefaultList_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -198,7 +198,7 @@ ADMX Info:
-**ADMX_TPM/IgnoreLocalList_Name**
+**ADMX_TPM/IgnoreLocalList_Name**
@@ -235,7 +235,7 @@ If you disable or don't configure this policy setting, Windows will block the TP
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ignore the local list of blocked TPM commands*
- GP name: *IgnoreLocalList_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -246,7 +246,7 @@ ADMX Info:
-**ADMX_TPM/OSManagedAuth_Name**
+**ADMX_TPM/OSManagedAuth_Name**
@@ -290,7 +290,7 @@ Choose the operating system managed TPM authentication setting of "None" for com
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the level of TPM owner authorization information available to the operating system*
- GP name: *OSManagedAuth_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -301,7 +301,7 @@ ADMX Info:
-**ADMX_TPM/OptIntoDSHA_Name**
+**ADMX_TPM/OptIntoDSHA_Name**
@@ -332,7 +332,7 @@ This Policy enables Device Health Attestation reporting (DHA-report) on supporte
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Device Health Attestation Monitoring and Reporting*
- GP name: *OptIntoDSHA_Name*
- GP path: *System\Device Health Attestation Service*
@@ -343,7 +343,7 @@ ADMX Info:
-**ADMX_TPM/StandardUserAuthorizationFailureDuration_Name**
+**ADMX_TPM/StandardUserAuthorizationFailureDuration_Name**
@@ -390,7 +390,7 @@ If this value isn't configured, a default value of 480 minutes (8 hours) is used
>
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Standard User Lockout Duration*
- GP name: *StandardUserAuthorizationFailureDuration_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -401,7 +401,7 @@ ADMX Info:
-**ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name**
+**ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name**
@@ -450,7 +450,7 @@ A value of 0 means the OS won't allow standard users to send commands to the TPM
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Standard User Individual Lockout Threshold*
- GP name: *StandardUserAuthorizationFailureIndividualThreshold_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -461,7 +461,7 @@ ADMX Info:
-**ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name**
+**ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name**
@@ -510,7 +510,7 @@ A value of 0 means the OS won't allow standard users to send commands to the TPM
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Standard User Total Lockout Threshold*
- GP name: *StandardUserAuthorizationFailureTotalThreshold_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -521,7 +521,7 @@ ADMX Info:
-**ADMX_TPM/UseLegacyDAP_Name**
+**ADMX_TPM/UseLegacyDAP_Name**
@@ -552,7 +552,7 @@ This policy setting configures the TPM to use the Dictionary Attack Prevention P
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.*
- GP name: *UseLegacyDAP_Name*
- GP path: *System\Trusted Platform Module Services*
diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
index c5a2aabcc3..cc67fba5d3 100644
--- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
+++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_UserExperienceVirtualization.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/30/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_UserExperienceVirtualization
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_UserExperienceVirtualization policies
+## ADMX_UserExperienceVirtualization policies
@@ -410,7 +410,7 @@ manager: aaroncz
-**ADMX_UserExperienceVirtualization/Calculator**
+**ADMX_UserExperienceVirtualization/Calculator**
@@ -441,7 +441,7 @@ This policy setting configures the synchronization of user settings of Calculato
By default, the user settings of Calculator synchronize between computers. Use the policy setting to prevent the user settings of Calculator from synchronization between computers.
-If you enable this policy setting, the Calculator user settings continue to synchronize.
+If you enable this policy setting, the Calculator user settings continue to synchronize.
If you disable this policy setting, Calculator user settings are excluded from the synchronization settings.
@@ -450,7 +450,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Calculator*
- GP name: *Calculator*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -461,7 +461,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/ConfigureSyncMethod**
+**ADMX_UserExperienceVirtualization/ConfigureSyncMethod**
@@ -488,13 +488,13 @@ ADMX Info:
-This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers.
+This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers.
With Sync Method set to ”SyncProvider,” the UE-V Agent uses a built-in sync provider to keep user settings synchronized between the computer and the settings storage location. This is the default value. You can disable the sync provider on computers that never go offline and are always connected to the settings storage location.
-When SyncMethod is set to “None,” the UE-V Agent uses no sync provider. Settings are written directly to the settings storage location rather than being cached to sync later.
+When SyncMethod is set to “None,” the UE-V Agent uses no sync provider. Settings are written directly to the settings storage location rather than being cached to sync later.
-Set SyncMethod to “External” when an external synchronization engine is being deployed for settings sync. This could use OneDrive, Work Folders, SharePoint or any other engine that uses a local folder to synchronize data between users’ computers. In this mode, UE-V writes settings data to the local folder specified in the settings storage path.
+Set SyncMethod to “External” when an external synchronization engine is being deployed for settings sync. This could use OneDrive, Work Folders, SharePoint or any other engine that uses a local folder to synchronize data between users’ computers. In this mode, UE-V writes settings data to the local folder specified in the settings storage path.
These settings are then synchronized to other computers by an external synchronization engine. UE-V has no control over this synchronization. It only reads and writes the settings data when the normal UE-V triggers take place.
With notifications enabled, UE-V users receive a message when the settings sync is delayed. The notification delay policy setting defines the delay before a notification appears.
@@ -506,7 +506,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Sync Method*
- GP name: *ConfigureSyncMethod*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -517,7 +517,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/ConfigureVdi**
+**ADMX_UserExperienceVirtualization/ConfigureVdi**
@@ -544,11 +544,11 @@ ADMX Info:
-This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment.
+This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment.
-UE-V settings rollback data and checkpoints are normally stored only on the local computer. With this policy setting enabled, the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session.
+UE-V settings rollback data and checkpoints are normally stored only on the local computer. With this policy setting enabled, the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session.
-Enable this setting to register a VDI-specific settings location template and restore data on computers in pooled VDI environments that reset to a clean state on logout. With this policy enabled you can roll settings back to the state when UE-V was installed or to “last-known-good” configurations. Only enable this policy setting on computers running in a non-persistent VDI environment. The VDI Collection Name defines the name of the virtual desktop collection containing the virtual computers.
+Enable this setting to register a VDI-specific settings location template and restore data on computers in pooled VDI environments that reset to a clean state on logout. With this policy enabled you can roll settings back to the state when UE-V was installed or to “last-known-good” configurations. Only enable this policy setting on computers running in a non-persistent VDI environment. The VDI Collection Name defines the name of the virtual desktop collection containing the virtual computers.
If you enable this policy setting, the UE-V rollback state is copied to the settings storage location on logout and restored on login.
@@ -558,7 +558,7 @@ If you don't configure this policy, no UE-V rollback state is copied to the sett
-ADMX Info:
+ADMX Info:
- GP Friendly name: *VDI Configuration*
- GP name: *ConfigureVdi*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -569,7 +569,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/ContactITDescription**
+**ADMX_UserExperienceVirtualization/ContactITDescription**
@@ -606,7 +606,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Contact IT Link Text*
- GP name: *ContactITDescription*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -617,7 +617,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/ContactITUrl**
+**ADMX_UserExperienceVirtualization/ContactITUrl**
@@ -645,7 +645,7 @@ ADMX Info:
This policy setting specifies the URL for the Contact IT link in the Company Settings Center.
-If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto.
+If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto.
If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link.
@@ -653,7 +653,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Contact IT URL*
- GP name: *ContactITUrl*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -664,7 +664,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/DisableWin8Sync**
+**ADMX_UserExperienceVirtualization/DisableWin8Sync**
@@ -693,11 +693,11 @@ ADMX Info:
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps.
-By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location.
+By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location.
If you enable this policy setting, the UE-V Agent won't synchronize settings for Windows apps.
-If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps.
+If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps.
If you don't configure this policy setting, any defined values are deleted.
@@ -707,7 +707,7 @@ If you don't configure this policy setting, any defined values are deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *don't synchronize Windows Apps*
- GP name: *DisableWin8Sync*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -718,7 +718,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/DisableWindowsOSSettings**
+**ADMX_UserExperienceVirtualization/DisableWindowsOSSettings**
@@ -756,7 +756,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize Windows settings*
- GP name: *DisableWindowsOSSettings*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -767,7 +767,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/EnableUEV**
+**ADMX_UserExperienceVirtualization/EnableUEV**
@@ -793,14 +793,14 @@ ADMX Info:
-This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature.
+This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature.
Reboot is needed for enable to take effect. With Auto-register inbox templates enabled, the UE-V inbox templates such as Office 2016 will be automatically registered when the UE-V Service is enabled. If this option is changed, it will only take effect when UE-V service is re-enabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable UEV*
- GP name: *EnableUEV*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -811,7 +811,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Finance**
+**ADMX_UserExperienceVirtualization/Finance**
@@ -849,7 +849,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Finance*
- GP name: *Finance*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -860,7 +860,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled**
+**ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled**
@@ -897,7 +897,7 @@ If you don't configure this policy setting, any defined values are deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *First Use Notification*
- GP name: *FirstUseNotificationEnabled*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -908,7 +908,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Games**
+**ADMX_UserExperienceVirtualization/Games**
@@ -946,7 +946,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Games*
- GP name: *Games*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -957,7 +957,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/InternetExplorer8**
+**ADMX_UserExperienceVirtualization/InternetExplorer8**
@@ -986,9 +986,9 @@ ADMX Info:
This policy setting configures the synchronization of user settings for Internet Explorer 8.
-By default, the user settings of Internet Explorer 8 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 8 from synchronization between computers.
+By default, the user settings of Internet Explorer 8 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 8 from synchronization between computers.
-If you enable this policy setting, the Internet Explorer 8 user settings continue to synchronize.
+If you enable this policy setting, the Internet Explorer 8 user settings continue to synchronize.
If you disable this policy setting, Internet Explorer 8 user settings are excluded from the synchronization settings.
@@ -997,7 +997,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer 8*
- GP name: *InternetExplorer8*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1008,7 +1008,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/InternetExplorer9**
+**ADMX_UserExperienceVirtualization/InternetExplorer9**
@@ -1036,8 +1036,8 @@ ADMX Info:
This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Internet Explorer 9 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 9 from synchronization between computers.
-
-If you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize.
+
+If you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize.
If you disable this policy setting, Internet Explorer 9 user settings are excluded from the synchronization settings.
@@ -1047,7 +1047,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer 9*
- GP name: *InternetExplorer9*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1058,7 +1058,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/InternetExplorer10**
+**ADMX_UserExperienceVirtualization/InternetExplorer10**
@@ -1087,7 +1087,7 @@ ADMX Info:
This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Internet Explorer 10 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 10 from synchronization between computers.
-If you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize.
+If you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize.
If you disable this policy setting, Internet Explorer 10 user settings are excluded from the synchronization settings.
@@ -1096,7 +1096,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer 10*
- GP name: *InternetExplorer10*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1107,7 +1107,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/InternetExplorer11**
+**ADMX_UserExperienceVirtualization/InternetExplorer11**
@@ -1145,7 +1145,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer 11*
- GP name: *InternetExplorer11*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1156,7 +1156,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/InternetExplorerCommon**
+**ADMX_UserExperienceVirtualization/InternetExplorerCommon**
@@ -1195,7 +1195,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer Common Settings*
- GP name: *InternetExplorerCommon*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1205,7 +1205,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Maps**
+**ADMX_UserExperienceVirtualization/Maps**
@@ -1243,7 +1243,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Maps*
- GP name: *Maps*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -1254,7 +1254,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes**
+**ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes**
@@ -1281,7 +1281,7 @@ ADMX Info:
-This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent doesn't report information about package file size.
+This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent doesn't report information about package file size.
If you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log.
@@ -1290,7 +1290,7 @@ If you disable or don't configure this policy setting, no event is written to th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Settings package size warning threshold*
- GP name: *MaxPackageSizeInBytes*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -1301,7 +1301,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access**
@@ -1328,18 +1328,18 @@ ADMX Info:
-This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Access 2010 user settings continue to synchronize.
-If you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings.
+If you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings.
If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Access 2010*
- GP name: *MicrosoftOffice2010Access*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1350,7 +1350,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common**
@@ -1377,18 +1377,18 @@ ADMX Info:
-This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers.
+This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers.
If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications continue to synchronize.
-If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabled
+If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabled
If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 2010 Common Settings*
- GP name: *MicrosoftOffice2010Common*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1399,7 +1399,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel**
@@ -1426,18 +1426,18 @@ ADMX Info:
-This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Excel 2010 user settings continue to synchronize.
-If you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings.
+If you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings.
If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Excel 2010*
- GP name: *MicrosoftOffice2010Excel*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1448,7 +1448,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath**
@@ -1487,7 +1487,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft InfoPath 2010*
- GP name: *MicrosoftOffice2010InfoPath*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1498,7 +1498,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync**
@@ -1525,18 +1525,18 @@ ADMX Info:
-This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Lync 2010 user settings continue to synchronize.
-If you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings.
+If you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings.
If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Lync 2010*
- GP name: *MicrosoftOffice2010Lync*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1547,7 +1547,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote**
@@ -1584,7 +1584,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft OneNote 2010*
- GP name: *MicrosoftOffice2010OneNote*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1595,7 +1595,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook**
@@ -1633,7 +1633,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Outlook 2010*
- GP name: *MicrosoftOffice2010Outlook*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1644,7 +1644,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint**
@@ -1683,7 +1683,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft PowerPoint 2010*
- GP name: *MicrosoftOffice2010PowerPoint*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1694,7 +1694,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project**
@@ -1732,7 +1732,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Project 2010*
- GP name: *MicrosoftOffice2010Project*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1743,7 +1743,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher**
@@ -1782,7 +1782,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Publisher 2010*
- GP name: *MicrosoftOffice2010Publisher*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1793,7 +1793,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner**
@@ -1831,7 +1831,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft SharePoint Designer 2010*
- GP name: *MicrosoftOffice2010SharePointDesigner*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1842,7 +1842,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace**
@@ -1881,7 +1881,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft SharePoint Workspace 2010*
- GP name: *MicrosoftOffice2010SharePointWorkspace*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1892,7 +1892,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio**
@@ -1930,7 +1930,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Visio 2010*
- GP name: *MicrosoftOffice2010Visio*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1941,7 +1941,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word**
@@ -1979,7 +1979,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Word 2010*
- GP name: *MicrosoftOffice2010Word*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1990,7 +1990,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access**
@@ -2027,7 +2027,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Access 2013*
- GP name: *MicrosoftOffice2013Access*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2038,7 +2038,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup**
@@ -2076,7 +2076,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Access 2013 backup only*
- GP name: *MicrosoftOffice2013AccessBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2087,7 +2087,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common**
@@ -2125,7 +2125,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 2013 Common Settings*
- GP name: *MicrosoftOffice2013Common*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2136,7 +2136,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup**
@@ -2169,14 +2169,14 @@ Microsoft Office Suite 2013 has user settings which are common between applicati
If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up.
-If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications won't be backed up.
+If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications won't be backed up.
If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Common 2013 backup only*
- GP name: *MicrosoftOffice2013CommonBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2187,7 +2187,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel**
@@ -2226,7 +2226,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Excel 2013*
- GP name: *MicrosoftOffice2013Excel*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2237,7 +2237,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup**
@@ -2275,7 +2275,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Excel 2013 backup only*
- GP name: *MicrosoftOffice2013ExcelBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2286,7 +2286,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath**
@@ -2324,7 +2324,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft InfoPath 2013*
- GP name: *MicrosoftOffice2013InfoPath*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2335,7 +2335,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup**
@@ -2374,7 +2374,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *InfoPath 2013 backup only*
- GP name: *MicrosoftOffice2013InfoPathBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2385,7 +2385,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync**
@@ -2423,7 +2423,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Lync 2013*
- GP name: *MicrosoftOffice2013Lync*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2434,7 +2434,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup**
@@ -2473,7 +2473,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Lync 2013 backup only*
- GP name: *MicrosoftOffice2013LyncBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2484,7 +2484,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness**
@@ -2523,7 +2523,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft OneDrive for Business 2013*
- GP name: *MicrosoftOffice2013OneDriveForBusiness*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2534,7 +2534,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote**
@@ -2573,7 +2573,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft OneNote 2013*
- GP name: *MicrosoftOffice2013OneNote*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2584,7 +2584,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup**
@@ -2623,7 +2623,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *OneNote 2013 backup only*
- GP name: *MicrosoftOffice2013OneNoteBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2634,7 +2634,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook**
@@ -2672,7 +2672,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Outlook 2013*
- GP name: *MicrosoftOffice2013Outlook*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2683,7 +2683,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup**
@@ -2722,7 +2722,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Outlook 2013 backup only*
- GP name: *MicrosoftOffice2013OutlookBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2733,7 +2733,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint**
@@ -2772,7 +2772,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft PowerPoint 2013*
- GP name: *MicrosoftOffice2013PowerPoint*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2783,7 +2783,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup**
@@ -2822,7 +2822,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *PowerPoint 2013 backup only*
- GP name: *MicrosoftOffice2013PowerPointBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2833,7 +2833,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project**
@@ -2871,7 +2871,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Project 2013*
- GP name: *MicrosoftOffice2013Project*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2882,7 +2882,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup**
@@ -2920,7 +2920,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Project 2013 backup only*
- GP name: *MicrosoftOffice2013ProjectBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2931,7 +2931,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher**
@@ -2970,7 +2970,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Publisher 2013*
- GP name: *MicrosoftOffice2013Publisher*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2981,7 +2981,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup**
@@ -3020,7 +3020,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Publisher 2013 backup only*
- GP name: *MicrosoftOffice2013PublisherBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3031,7 +3031,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner**
@@ -3070,7 +3070,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft SharePoint Designer 2013*
- GP name: *MicrosoftOffice2013SharePointDesigner*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3120,7 +3120,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *SharePoint Designer 2013 backup only*
- GP name: *MicrosoftOffice2013SharePointDesignerBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3169,7 +3169,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 2013 Upload Center*
- GP name: *MicrosoftOffice2013UploadCenter*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3180,7 +3180,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio**
@@ -3219,7 +3219,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Visio 2013*
- GP name: *MicrosoftOffice2013Visio*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3230,7 +3230,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup**
@@ -3269,7 +3269,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Visio 2013 backup only*
- GP name: *MicrosoftOffice2013VisioBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3280,7 +3280,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word**
@@ -3318,7 +3318,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Word 2013*
- GP name: *MicrosoftOffice2013Word*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3329,7 +3329,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup**
@@ -3367,7 +3367,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Word 2013 backup only*
- GP name: *MicrosoftOffice2013WordBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3378,7 +3378,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access**
@@ -3416,7 +3416,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Access 2016*
- GP name: *MicrosoftOffice2016Access*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3427,7 +3427,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup**
@@ -3466,7 +3466,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Access 2016 backup only*
- GP name: *MicrosoftOffice2016AccessBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3477,7 +3477,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common**
@@ -3516,7 +3516,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 2016 Common Settings*
- GP name: *MicrosoftOffice2016Common*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3527,7 +3527,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup**
@@ -3559,7 +3559,7 @@ Microsoft Office Suite 2016 has user settings which are common between applicati
If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up.
-If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications won't be backed up.
+If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications won't be backed up.
If you don't configure this policy setting, any defined values will be deleted.
@@ -3567,7 +3567,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Common 2016 backup only*
- GP name: *MicrosoftOffice2016CommonBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3578,7 +3578,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel**
@@ -3617,7 +3617,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Excel 2016*
- GP name: *MicrosoftOffice2016Excel*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3628,7 +3628,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup**
@@ -3667,7 +3667,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Excel 2016 backup only*
- GP name: *MicrosoftOffice2016ExcelBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3678,7 +3678,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync**
@@ -3717,7 +3717,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Lync 2016*
- GP name: *MicrosoftOffice2016Lync*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3728,7 +3728,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup**
@@ -3767,7 +3767,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Lync 2016 backup only*
- GP name: *MicrosoftOffice2016LyncBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3778,7 +3778,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness**
@@ -3817,7 +3817,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft OneDrive for Business 2016*
- GP name: *MicrosoftOffice2016OneDriveForBusiness*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3828,7 +3828,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote**
@@ -3866,7 +3866,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft OneNote 2016*
- GP name: *MicrosoftOffice2016OneNote*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3877,7 +3877,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup**
@@ -3916,7 +3916,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *OneNote 2016 backup only*
- GP name: *MicrosoftOffice2016OneNoteBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3927,7 +3927,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook**
@@ -3965,7 +3965,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Outlook 2016*
- GP name: *MicrosoftOffice2016Outlook*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3976,7 +3976,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup**
@@ -4015,7 +4015,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Outlook 2016 backup only*
- GP name: *MicrosoftOffice2016OutlookBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4026,7 +4026,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint**
@@ -4064,7 +4064,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft PowerPoint 2016*
- GP name: *MicrosoftOffice2016PowerPoint*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4075,7 +4075,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup**
@@ -4113,7 +4113,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *PowerPoint 2016 backup only*
- GP name: *MicrosoftOffice2016PowerPointBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4124,7 +4124,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project**
@@ -4164,7 +4164,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Project 2016*
- GP name: *MicrosoftOffice2016Project*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4175,7 +4175,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup**
@@ -4213,7 +4213,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Project 2016 backup only*
- GP name: *MicrosoftOffice2016ProjectBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4224,7 +4224,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher**
@@ -4263,7 +4263,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Publisher 2016*
- GP name: *MicrosoftOffice2016Publisher*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4274,7 +4274,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup**
@@ -4313,7 +4313,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Publisher 2016 backup only*
- GP name: *MicrosoftOffice2016PublisherBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4363,7 +4363,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 2016 Upload Center*
- GP name: *MicrosoftOffice2016UploadCenter*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4374,7 +4374,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio**
@@ -4412,7 +4412,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Visio 2016*
- GP name: *MicrosoftOffice2016Visio*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4423,7 +4423,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup**
@@ -4462,7 +4462,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Visio 2016 backup only*
- GP name: *MicrosoftOffice2016VisioBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4473,7 +4473,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word**
@@ -4511,7 +4511,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Word 2016*
- GP name: *MicrosoftOffice2016Word*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4522,7 +4522,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup**
@@ -4561,7 +4561,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Word 2016 backup only*
- GP name: *MicrosoftOffice2016WordBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4572,7 +4572,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013**
@@ -4611,7 +4611,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Access 2013*
- GP name: *MicrosoftOffice365Access2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4622,7 +4622,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016**
@@ -4661,7 +4661,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Access 2016*
- GP name: *MicrosoftOffice365Access2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4672,7 +4672,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013**
@@ -4711,7 +4711,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Common 2013*
- GP name: *MicrosoftOffice365Common2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4761,7 +4761,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Common 2016*
- GP name: *MicrosoftOffice365Common2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4772,7 +4772,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013**
@@ -4811,7 +4811,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Excel 2013*
- GP name: *MicrosoftOffice365Excel2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4822,7 +4822,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016**
@@ -4861,7 +4861,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Excel 2016*
- GP name: *MicrosoftOffice365Excel2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4872,7 +4872,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013**
@@ -4910,7 +4910,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 InfoPath 2013*
- GP name: *MicrosoftOffice365InfoPath2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4921,7 +4921,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013**
@@ -4960,7 +4960,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Lync 2013*
- GP name: *MicrosoftOffice365Lync2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4971,7 +4971,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016**
@@ -5010,7 +5010,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Lync 2016*
- GP name: *MicrosoftOffice365Lync2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5021,7 +5021,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013**
@@ -5060,7 +5060,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 OneNote 2013*
- GP name: *MicrosoftOffice365OneNote2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5071,7 +5071,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016**
@@ -5110,7 +5110,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 OneNote 2016*
- GP name: *MicrosoftOffice365OneNote2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5121,7 +5121,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013**
@@ -5160,7 +5160,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Outlook 2013*
- GP name: *MicrosoftOffice365Outlook2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5171,7 +5171,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016**
@@ -5210,7 +5210,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Outlook 2016*
- GP name: *MicrosoftOffice365Outlook2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5221,7 +5221,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013**
@@ -5260,7 +5260,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 PowerPoint 2013*
- GP name: *MicrosoftOffice365PowerPoint2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5271,7 +5271,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016**
@@ -5310,7 +5310,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 PowerPoint 2016*
- GP name: *MicrosoftOffice365PowerPoint2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5321,7 +5321,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013**
@@ -5360,7 +5360,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Project 2013*
- GP name: *MicrosoftOffice365Project2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5410,7 +5410,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Project 2016*
- GP name: *MicrosoftOffice365Project2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5421,7 +5421,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013**
@@ -5460,7 +5460,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Publisher 2013*
- GP name: *MicrosoftOffice365Publisher2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5471,7 +5471,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016**
@@ -5509,7 +5509,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Publisher 2016*
- GP name: *MicrosoftOffice365Publisher2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5520,7 +5520,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013**
@@ -5559,7 +5559,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 SharePoint Designer 2013*
- GP name: *MicrosoftOffice365SharePointDesigner2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5570,7 +5570,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013**
@@ -5608,7 +5608,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Visio 2013*
- GP name: *MicrosoftOffice365Visio2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5619,7 +5619,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016**
@@ -5658,7 +5658,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Visio 2016*
- GP name: *MicrosoftOffice365Visio2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5669,7 +5669,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013**
@@ -5708,7 +5708,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Word 2013*
- GP name: *MicrosoftOffice365Word2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5719,7 +5719,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016**
@@ -5758,7 +5758,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Word 2016*
- GP name: *MicrosoftOffice365Word2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5769,7 +5769,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Music**
+**ADMX_UserExperienceVirtualization/Music**
@@ -5807,7 +5807,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Music*
- GP name: *Music*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -5818,7 +5818,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/News**
+**ADMX_UserExperienceVirtualization/News**
@@ -5857,7 +5857,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *News*
- GP name: *News*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -5868,7 +5868,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Notepad**
+**ADMX_UserExperienceVirtualization/Notepad**
@@ -5897,7 +5897,7 @@ ADMX Info:
This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchronize between computers. Use the policy setting to prevent the user settings of Notepad from synchronization between computers.
-If you enable this policy setting, the Notepad user settings continue to synchronize.
+If you enable this policy setting, the Notepad user settings continue to synchronize.
If you disable this policy setting, Notepad user settings are excluded from the synchronization settings.
@@ -5907,7 +5907,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Notepad*
- GP name: *Notepad*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5918,7 +5918,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Reader**
+**ADMX_UserExperienceVirtualization/Reader**
@@ -5952,13 +5952,13 @@ If you enable this policy setting, Reader user settings continue to sync.
If you disable this policy setting, Reader user settings are excluded from the synchronization.
If you don't configure this policy setting, any defined values will be deleted.
-
+
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reader*
- GP name: *Reader*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -5969,7 +5969,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/RepositoryTimeout**
+**ADMX_UserExperienceVirtualization/RepositoryTimeout**
@@ -5996,9 +5996,9 @@ ADMX Info:
-This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds.
+This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds.
-If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings.
+If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings.
If you disable or don't configure this policy setting, the default value of 2000 milliseconds is used.
@@ -6006,7 +6006,7 @@ If you disable or don't configure this policy setting, the default value of 2000
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronization timeout*
- GP name: *RepositoryTimeout*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6017,7 +6017,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/SettingsStoragePath**
+**ADMX_UserExperienceVirtualization/SettingsStoragePath**
@@ -6046,15 +6046,15 @@ ADMX Info:
This policy setting configures where the settings package files that contain user settings are stored.
-If you enable this policy setting, the user settings are stored in the specified location.
+If you enable this policy setting, the user settings are stored in the specified location.
-If you disable or don't configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment.
+If you disable or don't configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Settings storage path*
- GP name: *SettingsStoragePath*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6065,7 +6065,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath**
+**ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath**
@@ -6100,7 +6100,7 @@ If you specify a UNC path and leave the option to replace the default Microsoft
If you specify a UNC path and check the option to replace the default Microsoft templates, all of the default Microsoft templates installed by the UE-V Agent will be deleted from the computer and only the templates located in the settings template catalog will be used.
-If you disable this policy setting, the UE-V Agent won't use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent won't restore the default Microsoft templates.
+If you disable this policy setting, the UE-V Agent won't use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent won't restore the default Microsoft templates.
If you don't configure this policy setting, any defined values will be deleted.
@@ -6108,7 +6108,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Settings template catalog path*
- GP name: *SettingsTemplateCatalogPath*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6119,7 +6119,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Sports**
+**ADMX_UserExperienceVirtualization/Sports**
@@ -6158,7 +6158,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Sports*
- GP name: *Sports*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -6169,7 +6169,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/SyncEnabled**
+**ADMX_UserExperienceVirtualization/SyncEnabled**
@@ -6202,7 +6202,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use User Experience Virtualization (UE-V)*
- GP name: *SyncEnabled*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6252,7 +6252,7 @@ If you don't configure this policy setting, any defined values are deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Sync settings over metered connections*
- GP name: *SyncOverMeteredNetwork*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6263,7 +6263,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming**
+**ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming**
@@ -6302,7 +6302,7 @@ If you don't configure this policy setting, any defined values are deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Sync settings over metered connections even when roaming*
- GP name: *SyncOverMeteredNetworkWhenRoaming*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6313,7 +6313,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/SyncProviderPingEnabled**
+**ADMX_UserExperienceVirtualization/SyncProviderPingEnabled**
@@ -6344,15 +6344,15 @@ This policy setting allows you to configure the User Experience Virtualization (
If you enable this policy setting, the sync provider pings the settings storage location before synchronizing settings packages.
-If you disable this policy setting, the sync provider doesn’t ping the settings storage location before synchronizing settings packages.
+If you disable this policy setting, the sync provider doesn’t ping the settings storage location before synchronizing settings packages.
-If you don't configure this policy, any defined values will be deleted.
+If you don't configure this policy, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ping the settings storage location before sync*
- GP name: *SyncProviderPingEnabled*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6363,7 +6363,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps**
+**ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps**
@@ -6401,7 +6401,7 @@ If you don't configure this policy setting, any defined values are deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Sync Unlisted Windows Apps*
- GP name: *SyncUnlistedWindows8Apps*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6412,7 +6412,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Travel**
+**ADMX_UserExperienceVirtualization/Travel**
@@ -6451,7 +6451,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Travel*
- GP name: *Travel*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -6462,7 +6462,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/TrayIconEnabled**
+**ADMX_UserExperienceVirtualization/TrayIconEnabled**
@@ -6497,7 +6497,7 @@ If you don't configure this policy setting, any defined values are deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Tray Icon*
- GP name: *TrayIconEnabled*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6508,7 +6508,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Video**
+**ADMX_UserExperienceVirtualization/Video**
@@ -6547,7 +6547,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Video*
- GP name: *Video*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -6558,7 +6558,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Weather**
+**ADMX_UserExperienceVirtualization/Weather**
@@ -6597,7 +6597,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Weather*
- GP name: *Weather*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -6637,7 +6637,7 @@ ADMX Info:
This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchronize between computers. Use the policy setting to prevent the user settings of WordPad from synchronization between computers.
-If you enable this policy setting, the WordPad user settings continue to synchronize.
+If you enable this policy setting, the WordPad user settings continue to synchronize.
If you disable this policy setting, WordPad user settings are excluded from the synchronization settings.
@@ -6647,7 +6647,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *WordPad*
- GP name: *Wordpad*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
index f6d9875e16..67c7143e09 100644
--- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_UserProfiles.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/11/2020
ms.reviewer:
@@ -17,13 +17,13 @@ manager: aaroncz
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_UserProfiles policies
+## ADMX_UserProfiles policies
@@ -56,7 +56,7 @@ manager: aaroncz
-**ADMX_UserProfiles/CleanupProfiles**
+**ADMX_UserProfiles/CleanupProfiles**
@@ -87,14 +87,14 @@ This policy setting allows an administrator to automatically delete user profile
> [!NOTE]
> One day is interpreted as 24 hours after a specific user profile was accessed.
-If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that haven't been used within the specified number of days.
+If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that haven't been used within the specified number of days.
If you disable or don't configure this policy setting, User Profile Service won't automatically delete any profiles on the next system restart.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Delete user profiles older than a specified number of days on system restart*
- GP name: *CleanupProfiles*
- GP path: *System\User Profiles*
@@ -105,7 +105,7 @@ ADMX Info:
-**ADMX_UserProfiles/DontForceUnloadHive**
+**ADMX_UserProfiles/DontForceUnloadHive**
@@ -131,7 +131,7 @@ ADMX Info:
-This policy setting controls whether Windows forcefully unloads the user's registry at sign out, even if there are open handles to the per-user registry keys.
+This policy setting controls whether Windows forcefully unloads the user's registry at sign out, even if there are open handles to the per-user registry keys.
> [!NOTE]
> This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile.
@@ -143,7 +143,7 @@ If you disable or don't configure this policy setting, Windows will always unloa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not forcefully unload the users registry at user logoff*
- GP name: *DontForceUnloadHive*
- GP path: *System\User Profiles*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_UserProfiles/LeaveAppMgmtData**
+**ADMX_UserProfiles/LeaveAppMgmtData**
@@ -194,7 +194,7 @@ If you disable or don't configure this policy setting, Windows will delete the e
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Leave Windows Installer and Group Policy Software Installation Data*
- GP name: *LeaveAppMgmtData*
- GP path: *System\User Profiles*
@@ -205,7 +205,7 @@ ADMX Info:
-**ADMX_UserProfiles/LimitSize**
+**ADMX_UserProfiles/LimitSize**
@@ -246,7 +246,7 @@ If you enable this policy setting, you can:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit profile size*
- GP name: *LimitSize*
- GP path: *System\User Profiles*
@@ -257,7 +257,7 @@ ADMX Info:
-**ADMX_UserProfiles/ProfileErrorAction**
+**ADMX_UserProfiles/ProfileErrorAction**
@@ -283,7 +283,7 @@ ADMX Info:
-This policy setting will automatically sign out a user when Windows can't load their profile.
+This policy setting will automatically sign out a user when Windows can't load their profile.
If Windows can't access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from logging on the user with a temporary profile.
@@ -296,7 +296,7 @@ Also, see the "Delete cached copies of roaming profiles" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not log users on with temporary profiles*
- GP name: *ProfileErrorAction*
- GP path: *System\User Profiles*
@@ -307,7 +307,7 @@ ADMX Info:
-**ADMX_UserProfiles/SlowLinkTimeOut**
+**ADMX_UserProfiles/SlowLinkTimeOut**
@@ -333,7 +333,7 @@ ADMX Info:
-This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed.
+This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed.
To determine the network performance characteristics, a connection is made to the file share storing the user's profile and 64 kilobytes of data is transferred. From that connection and data transfer, the network's latency and connection speed are determined.
@@ -346,7 +346,7 @@ If you disable or don't configure this policy setting, Windows considers the net
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control slow network connection timeout for user profiles*
- GP name: *SlowLinkTimeOut*
- GP path: *System\User Profiles*
@@ -357,7 +357,7 @@ ADMX Info:
-**ADMX_UserProfiles/USER_HOME**
+**ADMX_UserProfiles/USER_HOME**
@@ -401,7 +401,7 @@ If the "Set Remote Desktop Services User Home Directory" policy setting is enabl
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set user home folder*
- GP name: *USER_HOME*
- GP path: *System\User Profiles*
@@ -412,7 +412,7 @@ ADMX Info:
-**ADMX_UserProfiles/UserInfoAccessAction**
+**ADMX_UserProfiles/UserInfoAccessAction**
@@ -450,7 +450,7 @@ If you don't configure or disable this policy the user will have full control ov
-ADMX Info:
+ADMX Info:
- GP Friendly name: *User management of sharing user name, account picture, and domain information with apps (not desktop apps)*
- GP name: *UserInfoAccessAction*
- GP path: *System\User Profiles*
diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md
index 9ec5b2733d..550c9e6d4c 100644
--- a/windows/client-management/mdm/policy-csp-admx-w32time.md
+++ b/windows/client-management/mdm/policy-csp-admx-w32time.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_W32Time.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/28/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_W32Time
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_W32Time policies
+## ADMX_W32Time policies
@@ -44,7 +44,7 @@ manager: aaroncz
-**ADMX_W32Time/W32TIME_POLICY_CONFIG**
+**ADMX_W32Time/W32TIME_POLICY_CONFIG**
@@ -156,7 +156,7 @@ This parameter controls the frequency at which an event that indicates the numbe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Global Configuration Settings*
- GP name: *W32TIME_POLICY_CONFIG*
- GP path: *System\Windows Time Service*
@@ -167,7 +167,7 @@ ADMX Info:
-**ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT**
+**ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT**
@@ -200,7 +200,7 @@ If you enable this policy setting, you can specify the following parameters for
If you disable or don't configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters.
**NtpServer**
-The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is ""time.windows.com,0x09"".
+The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is ""time.windows.com,0x09"".
**Type**
This value controls the authentication that W32time uses. The default value is NT5DS.
@@ -224,7 +224,7 @@ This value is a bitmask that controls events that may be logged to the System lo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Windows NTP Client*
- GP name: *W32TIME_POLICY_CONFIGURE_NTPCLIENT*
- GP path: *System\Windows Time Service\Time Providers*
@@ -235,7 +235,7 @@ ADMX Info:
-**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT**
+**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT**
@@ -273,7 +273,7 @@ If you disable or don't configure this policy setting, the local computer clock
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Windows NTP Client*
- GP name: *W32TIME_POLICY_ENABLE_NTPCLIENT*
- GP path: *System\Windows Time Service\Time Providers*
@@ -284,7 +284,7 @@ ADMX Info:
-**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER**
+**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER**
@@ -319,7 +319,7 @@ If you disable or don't configure this policy setting, your computer can't servi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Windows NTP Server*
- GP name: *W32TIME_POLICY_ENABLE_NTPSERVER*
- GP path: *System\Windows Time Service\Time Providers*
diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md
index d396e0aaae..4a75b6002b 100644
--- a/windows/client-management/mdm/policy-csp-admx-wcm.md
+++ b/windows/client-management/mdm/policy-csp-admx-wcm.md
@@ -4,8 +4,8 @@ description: Learn about Policy CSP - ADMX_WCM.
ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 10/22/2020
ms.reviewer:
@@ -14,16 +14,16 @@ manager: aaroncz
# Policy CSP - ADMX_WCM
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WCM policies
+## ADMX_WCM policies