diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
index 679efe6819..80b531a03c 100644
--- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md
+++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
@@ -1,200 +1,296 @@
---
-title: Policy CSP - ADMX_DiskNVCache
-description: Learn about Policy CSP - ADMX_DiskNVCache.
+title: ADMX_DiskNVCache Policy CSP
+description: Learn more about the ADMX_DiskNVCache Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 01/09/2023
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 08/12/2020
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_DiskNVCache
-
-
-
-
-## ADMX_DiskNVCache policies
-
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
-
- -
- ADMX_DiskNVCache/BootResumePolicy
-
- -
- ADMX_DiskNVCache/FeatureOffPolicy
-
- -
- ADMX_DiskNVCache/SolidStatePolicy
-
-
+
+## BootResumePolicy
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_DiskNVCache/BootResumePolicy
+```
+
-
-**ADMX_DiskNVCache/BootResumePolicy**
-
+
+
+This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system.
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+- If you enable this policy setting, the system does not use the non-volatile (NV) cache to optimize boot and resume.
-
-
+- If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume. The system determines the data that will be stored in the NV cache to optimize boot and resume. The required data is stored in the NV cache during shutdown and hibernate, respectively. This might cause a slight increase in the time taken for shutdown and hibernate.
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+- If you do not configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations.
-> [!div class = "checklist"]
-> * Device
+> [!NOTE]
+> This policy setting is applicable only if the NV cache feature is on.
+
-
+
+
+
-
-
-This policy setting turns off the boot and resumes optimizations for the hybrid hard disks in the system.
+
+**Description framework properties**:
-If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume.
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-The system determines the data that will be stored in the NV cache to optimize boot and resume.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-The required data is stored in the NV cache during shutdown and hibernate, respectively. This storage in such a location might cause a slight increase in the time taken for shutdown and hibernate. If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations.
+**ADMX mapping**:
-This policy setting is applicable only if the NV cache feature is on.
+| Name | Value |
+|:--|:--|
+| Name | BootResumePolicy |
+| Friendly Name | Turn off boot and resume optimizations |
+| Location | Computer Configuration |
+| Path | System > Disk NV Cache |
+| Registry Key Name | Software\Policies\Microsoft\Windows\NvCache |
+| Registry Value Name | OptimizeBootAndResume |
+| ADMX File Name | DiskNVCache.admx |
+
-
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Turn off boot and resume optimizations*
-- GP name: *BootResumePolicy*
-- GP path: *System\Disk NV Cache*
-- GP ADMX file name: *DiskNVCache.admx*
+
-
-
-
+
+## CachePowerModePolicy
-**ADMX_DiskNVCache/FeatureOffPolicy**
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_DiskNVCache/CachePowerModePolicy
+```
+
-
-
+
+
+This policy setting turns off power save mode on the hybrid hard disks in the system.
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+- If you enable this policy setting, the hard disks are not put into NV cache power save mode and no power savings are achieved.
-> [!div class = "checklist"]
-> * Device
+- If you disable this policy setting, the hard disks are put into an NV cache power saving mode. In this mode, the system tries to save power by aggressively spinning down the disk.
-
+- If you do not configure this policy setting, the default behavior is to allow the hybrid hard disks to be in power save mode.
-
-
-This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system.
+> [!NOTE]
+> This policy setting is applicable only if the NV cache feature is on.
+
-To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache.
+
+
+
-If you enable this policy setting, the system won't manage the NV cache and won't enable NV cache power saving mode.
+
+**Description framework properties**:
-If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured.
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-This policy setting will take effect on next boot. If you don't configure this policy setting, the default behavior is to turn on support for the NV cache.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+**ADMX mapping**:
-
-ADMX Info:
-- GP Friendly name: *Turn off non-volatile cache feature*
-- GP name: *FeatureOffPolicy*
-- GP path: *System\Disk NV Cache*
-- GP ADMX file name: *DiskNVCache.admx*
+| Name | Value |
+|:--|:--|
+| Name | CachePowerModePolicy |
+| Friendly Name | Turn off cache power mode |
+| Location | Computer Configuration |
+| Path | System > Disk NV Cache |
+| Registry Key Name | Software\Policies\Microsoft\Windows\NvCache |
+| Registry Value Name | EnablePowerModeState |
+| ADMX File Name | DiskNVCache.admx |
+
-
-
+
+
+
-
+
-
-**ADMX_DiskNVCache/SolidStatePolicy**
-
+
+## FeatureOffPolicy
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_DiskNVCache/FeatureOffPolicy
+```
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+
+This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache.
-> [!div class = "checklist"]
-> * Device
+- If you enable this policy setting, the system will not manage the NV cache and will not enable NV cache power saving mode.
-
+- If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured.
-
-
+> [!NOTE]
+> This policy setting will take effect on next boot.
+
+- If you do not configure this policy setting, the default behavior is to turn on support for the NV cache.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | FeatureOffPolicy |
+| Friendly Name | Turn off non-volatile cache feature |
+| Location | Computer Configuration |
+| Path | System > Disk NV Cache |
+| Registry Key Name | Software\Policies\Microsoft\Windows\NvCache |
+| Registry Value Name | EnableNvCache |
+| ADMX File Name | DiskNVCache.admx |
+
+
+
+
+
+
+
+
+
+## SolidStatePolicy
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_DiskNVCache/SolidStatePolicy
+```
+
+
+
+
This policy setting turns off the solid state mode for the hybrid hard disks.
-If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache.
+- If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache.
-If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This storage allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power.
+- If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. **Note** that this can cause increased wear of the NV cache.
-This can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.
+- If you do not configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.
->[!Note]
+> [!NOTE]
> This policy setting is applicable only if the NV cache feature is on.
+
+
+
+
-
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn off solid state mode*
-- GP name: *SolidStatePolicy*
-- GP path: *System\Disk NV Cache*
-- GP ADMX file name: *DiskNVCache.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+**ADMX mapping**:
+| Name | Value |
+|:--|:--|
+| Name | SolidStatePolicy |
+| Friendly Name | Turn off solid state mode |
+| Location | Computer Configuration |
+| Path | System > Disk NV Cache |
+| Registry Key Name | Software\Policies\Microsoft\Windows\NvCache |
+| Registry Value Name | EnableSolidStateMode |
+| ADMX File Name | DiskNVCache.admx |
+
-
+
+
+
-## Related topics
+
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md
index 35d3111b03..0c1693728b 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskquota.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md
@@ -1,365 +1,437 @@
---
-title: Policy CSP - ADMX_DiskQuota
-description: Learn about Policy CSP - ADMX_DiskQuota.
+title: ADMX_DiskQuota Policy CSP
+description: Learn more about the ADMX_DiskQuota Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 01/09/2023
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 08/12/2020
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_DiskQuota
-
-
-
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-## ADMX_DiskQuota policies
+
+
+
+
+## DQ_Enable
-
- -
- ADMX_DiskQuota/DQ_RemovableMedia
-
- -
- ADMX_DiskQuota/DQ_Enable
-
- -
- ADMX_DiskQuota/DQ_Enforce
-
- -
- ADMX_DiskQuota/DQ_LogEventOverLimit
-
- -
- ADMX_DiskQuota/DQ_LogEventOverThreshold
-
- -
- ADMX_DiskQuota/DQ_Limit
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_DiskQuota/DQ_Enable
+```
+
-
-
-
-**ADMX_DiskQuota/DQ_RemovableMedia**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting extends the disk quota policies in this folder to NTFS file system volumes on the removable media.
-
-If you disable or don't configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only.
-
-When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Apply policy to removable media*
-- GP name: *DQ_RemovableMedia*
-- GP path: *System\Disk Quotas*
-- GP ADMX file name: *DiskQuota.admx*
-
-
-
-
-
-
-
-**ADMX_DiskQuota/DQ_Enable**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+
+
This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.
-If you enable this policy setting, disk quota management is turned on, and users can't turn it off.
+- If you enable this policy setting, disk quota management is turned on, and users cannot turn it off.
-If you disable the policy setting, disk quota management is turned off, and users can't turn it on. When this policy setting isn't configured then the disk quota management is turned off by default, and the administrators can turn it on.
+- If you disable the policy setting, disk quota management is turned off, and users cannot turn it on.
+
+- If this policy setting is not configured, disk quota management is turned off by default, but administrators can turn it on.
To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes.
-This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit.
+> [!NOTE]
+> This policy setting turns on disk quota management but does not establish or enforce a particular disk quota limit. To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
-To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
+> [!NOTE]
+> To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management."
+
-To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management."
+
+
+
-
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Enable disk quotas*
-- GP name: *DQ_Enable*
-- GP path: *System\Disk Quotas*
-- GP ADMX file name: *DiskQuota.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+**ADMX mapping**:
+| Name | Value |
+|:--|:--|
+| Name | DQ_Enable |
+| Friendly Name | Enable disk quotas |
+| Location | Computer Configuration |
+| Path | System > Disk Quotas |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\DiskQuota |
+| Registry Value Name | Enable |
+| ADMX File Name | DiskQuota.admx |
+
-
-**ADMX_DiskQuota/DQ_Enforce**
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## DQ_Enforce
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_DiskQuota/DQ_Enforce
+```
+
-
-
-
-
+
+
This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.
-If you enable this policy setting, disk quota limits are enforced.
+- If you enable this policy setting, disk quota limits are enforced.
+- If you disable this policy setting, disk quota limits are not enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceeding quota limit" option on the Quota tab so administrators cannot make changes while the setting is in effect.
-If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators can't make changes while the setting is in effect.
+- If you do not configure this policy setting, the disk quota limit is not enforced by default, but administrators can change the setting.
-If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available.
+Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes, but they can continue to write to the volume as long as physical space is available.
-This policy setting overrides user settings that enable or disable quota enforcement on their volumes.
+> [!NOTE]
+> This policy setting overrides user settings that enable or disable quota enforcement on their volumes.
-To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
+> [!NOTE]
+> To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
+
-
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Enforce disk quota limit*
-- GP name: *DQ_Enforce*
-- GP path: *System\Disk Quotas*
-- GP ADMX file name: *DiskQuota.admx*
+
+**Description framework properties**:
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+**ADMX mapping**:
-**ADMX_DiskQuota/DQ_LogEventOverLimit**
-
+| Name | Value |
+|:--|:--|
+| Name | DQ_Enforce |
+| Friendly Name | Enforce disk quota limit |
+| Location | Computer Configuration |
+| Path | System > Disk Quotas |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\DiskQuota |
+| Registry Value Name | Enforce |
+| ADMX File Name | DiskQuota.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## DQ_Limit
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_DiskQuota/DQ_Limit
+```
+
-
-
-This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.
-
-If you enable this policy setting, the system records an event when the user reaches their limit.
-
-If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting.
-
-This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their limit, because their status in the Quota Entries window changes.
-
-To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Log event when quota limit is exceeded*
-- GP name: *DQ_LogEventOverLimit*
-- GP path: *System\Disk Quotas*
-- GP ADMX file name: *DiskQuota.admx*
-
-
-
-
-
-
-
-**ADMX_DiskQuota/DQ_LogEventOverThreshold**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.
-
-If you enable this policy setting, the system records an event.
-
-If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect.
-
-If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their warning level because their status in the Quota Entries window changes.
-
-To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Log event when quota warning level is exceeded*
-- GP name: *DQ_LogEventOverThreshold*
-- GP path: *System\Disk Quotas*
-- GP ADMX file name: *DiskQuota.admx*
-
-
-
-
-
-
-
-
-**ADMX_DiskQuota/DQ_Limit**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+
+
This policy setting specifies the default disk quota limit and warning level for new users of the volume.
+
This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit.
-This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab.
-This policy setting applies to all new users as soon as they write to the volume. It doesn't affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).
+This setting overrides new users' settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab.
-If you disable or don't configure this policy setting, the disk space available to users isn't limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it's reasonable for the range of volumes in the group.
+This policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).
-This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas aren't enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume.
+- If you disable or do not configure this policy setting, the disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level.
-
+When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it is reasonable for the range of volumes in the group.
-
-ADMX Info:
-- GP Friendly name: *Specify default quota limit and warning level*
-- GP name: *DQ_Limit*
-- GP path: *System\Disk Quotas*
-- GP ADMX file name: *DiskQuota.admx*
+This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume.
+
-
-
+
+
+
-
+
+**Description framework properties**:
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-## Related topics
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DQ_Limit |
+| Friendly Name | Specify default quota limit and warning level |
+| Location | Computer Configuration |
+| Path | System > Disk Quotas |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\DiskQuota |
+| ADMX File Name | DiskQuota.admx |
+
+
+
+
+
+
+
+
+
+## DQ_LogEventOverLimit
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_DiskQuota/DQ_LogEventOverLimit
+```
+
+
+
+
+This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.
+
+- If you enable this policy setting, the system records an event when the user reaches their limit.
+- If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators cannot change the setting while a setting is in effect.
+
+- If you do not configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting.
+
+This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit.
+
+Also, this policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their limit, because their status in the Quota Entries window changes.
+
+> [!NOTE]
+> To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DQ_LogEventOverLimit |
+| Friendly Name | Log event when quota limit is exceeded |
+| Location | Computer Configuration |
+| Path | System > Disk Quotas |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\DiskQuota |
+| Registry Value Name | LogEventOverLimit |
+| ADMX File Name | DiskQuota.admx |
+
+
+
+
+
+
+
+
+
+## DQ_LogEventOverThreshold
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_DiskQuota/DQ_LogEventOverThreshold
+```
+
+
+
+
+This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.
+
+- If you enable this policy setting, the system records an event.
+- If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators cannot change logging while a policy setting is in effect.
+
+- If you do not configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting.
+
+This policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their warning level because their status in the Quota Entries window changes.
+
+> [!NOTE]
+> To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DQ_LogEventOverThreshold |
+| Friendly Name | Log event when quota warning level is exceeded |
+| Location | Computer Configuration |
+| Path | System > Disk Quotas |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\DiskQuota |
+| Registry Value Name | LogEventOverThreshold |
+| ADMX File Name | DiskQuota.admx |
+
+
+
+
+
+
+
+
+
+## DQ_RemovableMedia
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_DiskQuota/DQ_RemovableMedia
+```
+
+
+
+
+This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.
+
+- If you disable or do not configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only
+
+> [!NOTE]
+> When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DQ_RemovableMedia |
+| Friendly Name | Apply policy to removable media |
+| Location | Computer Configuration |
+| Path | System > Disk Quotas |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\DiskQuota |
+| Registry Value Name | ApplyToRemovableMedia |
+| ADMX File Name | DiskQuota.admx |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
index 1c2c560e41..18f83b496c 100644
--- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@@ -24,8 +24,9 @@ ms.topic: reference
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-[!WARNING]
-Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!WARNING]
+> Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index db7d591d25..865a8854ec 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -1,819 +1,655 @@
---
-title: Policy CSP - ADMX_MicrosoftDefenderAntivirus
-description: Learn about Policy CSP - ADMX_MicrosoftDefenderAntivirus.
+title: ADMX_MicrosoftDefenderAntivirus Policy CSP
+description: Learn more about the ADMX_MicrosoftDefenderAntivirus Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 01/09/2023
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 08/19/2022
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_MicrosoftDefenderAntivirus
->[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+
+> [!TIP]
+> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
+
+
+
-
-## ADMX_MicrosoftDefenderAntivirus policies
+
+## AllowFastServiceStartup
-
- -
- ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup
-
- -
- ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender
-
- -
- ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions
-
- -
- ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen
-
- -
- ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge
-
- -
- ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring
-
- -
- ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction
-
- -
- ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions
-
- -
- ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths
-
- -
- ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes
-
- -
- ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions
-
- -
- ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules
-
- -
- ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications
-
- -
- ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders
-
- -
- ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation
-
- -
- ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement
-
- -
- ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid
-
- -
- ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition
-
- -
- ADMX_MicrosoftDefenderAntivirus/ProxyBypass
-
- -
- ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl
-
- -
- ADMX_MicrosoftDefenderAntivirus/ProxyServer
-
- -
- ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay
-
- -
- ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay
-
- -
- ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes
-
- -
- ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring
-
- -
- ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection
-
- -
- ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection
-
- -
- ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification
-
- -
- ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable
-
- -
- ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize
-
- -
- ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring
-
- -
- ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection
-
- -
- ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection
-
- -
- ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring
-
- -
- ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection
-
- -
- ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime
-
- -
- ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay
-
- -
- ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime
-
- -
- ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout
-
- -
- ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout
-
- -
- ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications
-
- -
- ADMX_MicrosoftDefenderAntivirus/Reporting_Disablegenericreports
-
- -
- ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout
-
- -
- ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout
-
- -
- ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents
-
- -
- ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningMappedNetworkDrivesForFullScan
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay
-
- -
- ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime
-
- -
- ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval
-
- -
- ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup
-
- -
- ADMX_MicrosoftDefenderAntivirus/SpynetReporting
-
- -
- ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting
-
- -
- ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction
-
- -
- ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString
-
- -
- ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress
-
- -
- ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification
-
- -
- ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup
+```
+
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+
+
This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance.
-If you enable or don't configure this setting, the antimalware service will load as a normal priority task.
+- If you enable or do not configure this setting, the antimalware service will load as a normal priority task.
-If you disable this setting, the antimalware service will load as a low priority task.
+- If you disable this setting, the antimalware service will load as a low priority task.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Allow antimalware service to startup with normal priority*
-- GP name: *AllowFastServiceStartup*
-- GP path: *Windows Components\Microsoft Defender Antivirus*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | AllowFastServiceStartup |
+| Friendly Name | Allow antimalware service to startup with normal priority |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender |
+| Registry Value Name | AllowFastServiceStartup |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## DisableAntiSpywareDefender
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender
+```
+
-
-
+
+
This policy setting turns off Microsoft Defender Antivirus.
-If you enable this policy setting, Microsoft Defender Antivirus doesn't run, and won't scan computers for malware or other potentially unwanted software.
+- If you enable this policy setting, Microsoft Defender Antivirus does not run, and will not scan computers for malware or other potentially unwanted software.
-If you disable this policy setting, Microsoft Defender Antivirus will run regardless of any other installed antivirus product.
+- If you disable this policy setting, Microsoft Defender Antivirus will run regardless of any other installed antivirus product.
-If you don't configure this policy setting, Windows will internally manage Microsoft Defender Antivirus. If you install another antivirus program, Windows automatically disables Microsoft Defender Antivirus. Otherwise, Microsoft Defender Antivirus will scan your computers for malware and other potentially unwanted software.
+- If you do not configure this policy setting, Windows will internally manage Microsoft Defender Antivirus. If you install another antivirus program, Windows automatically disables Microsoft Defender Antivirus. Otherwise, Microsoft Defender Antivirus will scan your computers for malware and other potentially unwanted software.
-Enabling or disabling this policy may lead to unexpected or unsupported behavior. It's recommended that you leave this policy setting unconfigured.
+Enabling or disabling this policy may lead to unexpected or unsupported behavior. It is recommended that you leave this policy setting unconfigured.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn off Microsoft Defender Antivirus*
-- GP name: *DisableAntiSpywareDefender*
-- GP path: *Windows Components\Microsoft Defender Antivirus*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | DisableAntiSpywareDefender |
+| Friendly Name | Turn off Microsoft Defender Antivirus |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender |
+| Registry Value Name | DisableAntiSpyware |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## DisableAutoExclusions
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions
+```
+
-
-
+
+
Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.
-If you disable or don't configure this policy setting, Microsoft Defender Antivirus will exclude pre-defined list of paths from the scan to improve performance. It is disabled by default.
+Disabled (Default):
+Microsoft Defender will exclude pre-defined list of paths from the scan to improve performance.
-If you enable this policy setting, Microsoft Defender Antivirus won't exclude pre-defined list of paths from scans. This non-exclusion can impact machine performance in some scenarios.
+Enabled:
+Microsoft Defender will not exclude pre-defined list of paths from scans. This can impact machine performance in some scenarios.
-
+Not configured:
+Same as Disabled.
+
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Turn off Auto Exclusions*
-- GP name: *DisableAutoExclusions*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
-- GP ADMX file name: *WindowsDefender.admx*
+
+**Description framework properties**:
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-**ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen**
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+**ADMX mapping**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Name | Value |
+|:--|:--|
+| Name | DisableAutoExclusions |
+| Friendly Name | Turn off Auto Exclusions |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Exclusions |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Exclusions |
+| Registry Value Name | DisableAutoExclusions |
+| ADMX File Name | WindowsDefender.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * Device
+
+## DisableBlockAtFirstSeen
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
-This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check won't occur, which will lower the protection state of the device.
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen
+```
+
-If you enable this feature, the Block at First Sight setting is turned on.
-If you disable this feature, the Block at First Sight setting is turned off.
+
+
+This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device.
+Enabled - The Block at First Sight setting is turned on.
+Disabled - The Block at First Sight setting is turned off.
-This feature requires these Policy settings to be set as follows:
+This feature requires these Group Policy settings to be set as follows:
+MAPS -> The "Join Microsoft MAPS" must be enabled or the "Block at First Sight" feature will not function.
+MAPS -> The "Send file samples when further analysis is required" should be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the "Block at First Sight" feature will not function.
+Real-time Protection -> The "Scan all downloaded files and attachments" policy must be enabled or the "Block at First Sight" feature will not function.
+Real-time Protection -> Do not enable the "Turn off real-time protection" policy or the "Block at First Sight" feature will not function.
+
-- MAPS -> The “Join Microsoft MAPS” must be enabled or the “Block at First Sight” feature won't function.
-- MAPS -> The “Send file samples when further analysis is required” should be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the “Block at First Sight” feature won't function.
-- Real-time Protection -> The “Scan all downloaded files and attachments” policy must be enabled or the “Block at First Sight” feature won't function.
-- Real-time Protection -> don't enable the “Turn off real-time protection” policy or the “Block at First Sight” feature won't function.
+
+
+
-
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure the 'Block at First Sight' feature*
-- GP name: *DisableBlockAtFirstSeen*
-- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | DisableBlockAtFirstSeen |
+| Friendly Name | Configure the 'Block at First Sight' feature |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > MAPS |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Spynet |
+| Registry Value Name | DisableBlockAtFirstSeen |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## DisableLocalAdminMerge
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge
+```
+
-
-
-This policy setting controls whether or not complex list settings configured by a local administrator are merged with Policy settings. This setting applies to lists such as threats and Exclusions.
+
+
+This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Policy settings. This setting applies to lists such as threats and Exclusions.
-If you enable or don't configure this setting, unique items defined in Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. If conflicts occur, Policy Settings will override preference settings.
+- If you disable or do not configure this setting, unique items defined in Group Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, Group policy Settings will override preference settings.
-If you disable this setting, only items defined by Policy will be used in the resulting effective policy. Policy settings will override preference settings configured by the local administrator.
+- If you enable this setting, only items defined by Group Policy will be used in the resulting effective policy. Group Policy settings will override preference settings configured by the local administrator.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure local administrator merge behavior for lists*
-- GP name: *DisableLocalAdminMerge*
-- GP path: *Windows Components\Microsoft Defender Antivirus*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | DisableLocalAdminMerge |
+| Friendly Name | Configure local administrator merge behavior for lists |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender |
+| Registry Value Name | DisableLocalAdminMerge |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## DisableRealtimeMonitoring
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring
+```
+
-
-
-This policy setting turns off real-time protection prompts for known malware detection.
+
+
+This policy turns off real-time protection in Microsoft Defender Antivirus.
-Microsoft Defender Antivirus alerts you when malware or potentially unwanted software attempts to install itself or to run on your computer.
+Real-time protection consists of always-on scanning with file and process behavior monitoring and heuristics. When real-time protection is on, Microsoft Defender Antivirus detects malware and potentially unwanted software that attempts to install itself or run on your device, and prompts you to take action on malware detections.
-If you enable this policy setting, Microsoft Defender Antivirus won't prompt users to take actions on malware detections.
+- If you enable this policy setting, real-time protection is turned off.
-If you disable or don't configure this policy setting, Microsoft Defender Antivirus will prompt users to take actions on malware detections.
+If you either disable or do not configure this policy setting, real-time protection is turned on.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn off real-time protection*
-- GP name: *DisableRealtimeMonitoring*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | DisableRealtimeMonitoring |
+| Friendly Name | Turn off real-time protection |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Real-time Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Real-Time Protection |
+| Registry Value Name | DisableRealtimeMonitoring |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## DisableRoutinelyTakingAction
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction
+```
+
-
-
+
+
This policy setting allows you to configure whether Microsoft Defender Antivirus automatically takes action on all detected threats. The action to be taken on a particular threat is determined by the combination of the policy-defined action, user-defined action, and the signature-defined action.
-If you enable this policy setting, Microsoft Defender Antivirus doesn't automatically take action on the detected threats, but prompts users to choose from the actions available for each threat.
+- If you enable this policy setting, Microsoft Defender Antivirus does not automatically take action on the detected threats, but prompts users to choose from the actions available for each threat.
-If you disable or don't configure this policy setting, Microsoft Defender Antivirus automatically takes action on all detected threats after a nonconfigurable delay of approximately five seconds.
+- If you disable or do not configure this policy setting, Microsoft Defender Antivirus automatically takes action on all detected threats after a nonconfigurable delay of approximately five seconds.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn off routine remediation*
-- GP name: *DisableRoutinelyTakingAction*
-- GP path: *Windows Components\Microsoft Defender Antivirus*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | DisableRoutinelyTakingAction |
+| Friendly Name | Turn off routine remediation |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender |
+| Registry Value Name | DisableRoutinelyTakingAction |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Exclusions_Extensions
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions
+```
+
-
-
-This policy setting allows you to specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as "obj" or "lib"). The value isn't used and it's recommended that this value is set to 0.
+
+
+This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as "obj" or "lib"). The value is not used and it is recommended that this be set to 0.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Extension Exclusions*
-- GP name: *Exclusions_Extensions*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Exclusions_Extensions |
+| Friendly Name | Extension Exclusions |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Exclusions |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Exclusions |
+| Registry Value Name | Exclusions_Extensions |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Exclusions_Paths
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths
+```
+
-
-
-This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name.
+
+
+This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe". The value is not used and it is recommended that this be set to 0.
+
-As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe". The value isn't used and it's recommended that this value is set to 0.
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Path Exclusions*
-- GP name: *Exclusions_Paths*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
-
-**ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes**
+| Name | Value |
+|:--|:--|
+| Name | Exclusions_Paths |
+| Friendly Name | Path Exclusions |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Exclusions |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Exclusions |
+| Registry Value Name | Exclusions_Paths |
+| ADMX File Name | WindowsDefender.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## Exclusions_Processes
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes
+```
+
-
+
+
+This policy setting allows you to disable real-time scanning for any file opened by any of the specified processes. This policy does not apply to scheduled scans. The process itself will not be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. **Note** that only executables can be excluded. For example, a process might be defined as "c\windows\app.exe". The value is not used and it is recommended that this be set to 0.
+
-
-
-This policy setting allows you to disable scheduled and real-time scanning for any file opened by any of the specified processes. The process itself won't be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. Only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value isn't used and it's recommended that this value is set to 0.
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Process Exclusions*
-- GP name: *Exclusions_Processes*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
-
-**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions**
+| Name | Value |
+|:--|:--|
+| Name | Exclusions_Processes |
+| Friendly Name | Process Exclusions |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Exclusions |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Exclusions |
+| Registry Value Name | Exclusions_Processes |
+| ADMX File Name | WindowsDefender.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## ExploitGuard_ASR_ASROnlyExclusions
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions
+```
+
-
-
-
-
+
+
Exclude files and paths from Attack Surface Reduction (ASR) rules.
Enabled:
Specify the folders or files and resources that should be excluded from ASR rules in the Options section.
Enter each rule on a new line as a name-value pair:
-
- Name column: Enter a folder path or a fully qualified resource name. For example, "C:\Windows" will exclude all files in that directory. "C:\Windows\App.exe" will exclude only that specific file in that specific folder
- Value column: Enter "0" for each item
@@ -823,61 +659,76 @@ No exclusions will be applied to the ASR rules.
Not configured:
Same as Disabled.
-You can configure ASR rules in the "Configure Attack Surface Reduction rules" GP setting.
+You can configure ASR rules in the Configure Attack Surface Reduction rules GP setting.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Exclude files and paths from Attack Surface Reduction Rules*
-- GP name: *ExploitGuard_ASR_ASROnlyExclusions*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | ExploitGuard_ASR_ASROnlyExclusions |
+| Friendly Name | Exclude files and paths from Attack Surface Reduction Rules |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Attack Surface Reduction |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR |
+| Registry Value Name | ExploitGuard_ASR_ASROnlyExclusions |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## ExploitGuard_ASR_Rules
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules
+```
+
-
-
-Set the state for each ASR rule.
+
+
+Set the state for each Attack Surface Reduction (ASR) rule.
-After enabling this setting, you can set each rule to the following values in the Options section:
+After enabling this setting, you can set each rule to the following in the Options section:
+- Block: the rule will be applied
+- Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not actually be applied)
+- Off: the rule will not be applied
+- Not Configured: the rule is enabled with default values
+- Warn: the rule will be applied and the end-user will have the option to bypass the block
-- Block: The rule will be applied
-- Audit Mode: If the rule would normally cause an event, then it will be recorded (although the rule won't actually be applied)
-- Off: The rule won't be applied
+Unless the ASR rule is disabled, a subsample of audit events are collected for ASR rules will the value of not configured.
Enabled:
Specify the state for each ASR rule under the Options section for this setting.
Enter each rule on a new line as a name-value pair:
-
- Name column: Enter a valid ASR rule ID
- Value column: Enter the status ID that relates to state you want to specify for the associated rule
@@ -885,11 +736,16 @@ The following status IDs are permitted under the value column:
- 1 (Block)
- 0 (Off)
- 2 (Audit)
+- 5 (Not Configured)
+- 6 (Warn)
Example:
-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 0
-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1
-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 2
+xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+0
+xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+1
+xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+2
Disabled:
No ASR rules will be configured.
@@ -898,3903 +754,4951 @@ Not configured:
Same as Disabled.
You can exclude folders or files in the "Exclude files and paths from Attack Surface Reduction Rules" GP setting.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure Attack Surface Reduction rules*
-- GP name: *ExploitGuard_ASR_Rules*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | ExploitGuard_ASR_Rules |
+| Friendly Name | Configure Attack Surface Reduction rules |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Attack Surface Reduction |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR |
+| Registry Value Name | ExploitGuard_ASR_Rules |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## ExploitGuard_ControlledFolderAccess_AllowedApplications
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications
+```
+
-
-
-Add other applications that should be considered "trusted" by controlled folder access.
+
+
+Add additional applications that should be considered "trusted" by controlled folder access.
These applications are allowed to modify or delete files in controlled folder access folders.
-Microsoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add other applications.
+Microsoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add additional applications.
Enabled:
-Specify other allowed applications in the Options section.
+Specify additional allowed applications in the Options section..
Disabled:
-No other applications will be added to the trusted list.
+No additional applications will be added to the trusted list.
Not configured:
Same as Disabled.
-You can enable controlled folder access in the "Configure controlled folder access" GP setting.
+You can enable controlled folder access in the Configure controlled folder access GP setting.
-Default system folders are automatically guarded, but you can add folders in the "Configure protected folders" GP setting.
+Default system folders are automatically guarded, but you can add folders in the configure protected folders GP setting.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure allowed applications*
-- GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | ExploitGuard_ControlledFolderAccess_AllowedApplications |
+| Friendly Name | Configure allowed applications |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access |
+| Registry Value Name | ExploitGuard_ControlledFolderAccess_AllowedApplications |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## ExploitGuard_ControlledFolderAccess_ProtectedFolders
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders
+```
+
-
-
+
+
Specify additional folders that should be guarded by the Controlled folder access feature.
-Files in these folders can't be modified or deleted by untrusted applications.
+Files in these folders cannot be modified or deleted by untrusted applications.
-Default system folders are automatically protected. You can configure this setting to add more folders.
+Default system folders are automatically protected. You can configure this setting to add additional folders.
The list of default system folders that are protected is shown in Windows Security.
Enabled:
-Specify more folders that should be protected in the Options section.
+Specify additional folders that should be protected in the Options section.
Disabled:
-No other folders will be protected.
+No additional folders will be protected.
Not configured:
Same as Disabled.
-You can enable controlled folder access in the "Configure controlled folder access" GP setting.
+You can enable controlled folder access in the Configure controlled folder access GP setting.
-Microsoft Defender Antivirus automatically determines which applications can be trusted. You can add more trusted applications in the "Configure allowed applications" GP setting.
+Microsoft Defender Antivirus automatically determines which applications can be trusted. You can add additional trusted applications in the Configure allowed applications GP setting.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure protected folders*
-- GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | ExploitGuard_ControlledFolderAccess_ProtectedFolders |
+| Friendly Name | Configure protected folders |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access |
+| Registry Value Name | ExploitGuard_ControlledFolderAccess_ProtectedFolders |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## MpEngine_EnableFileHashComputation
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation
+```
+
-
-
+
+
Enable or disable file hash computation feature.
Enabled:
-When this feature is enabled, Microsoft Defender Antivirus will compute hash value for files it scans.
+When this feature is enabled Microsoft Defender will compute hash value for files it scans.
Disabled:
-File hash value isn't computed
+File hash value is not computed
Not configured:
Same as Disabled.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Enable file hash computation feature*
-- GP name: *MpEngine_EnableFileHashComputation*
-- GP path: *Windows Components\Microsoft Defender Antivirus\MpEngine*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | MpEngine_EnableFileHashComputation |
+| Friendly Name | Enable file hash computation feature |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > MpEngine |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\MpEngine |
+| Registry Value Name | EnableFileHashComputation |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Nis_Consumers_IPS_DisableSignatureRetirement
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement
+```
+
-
-
-This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system isn't vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocol are retired, then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance.
+
+
+This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocal are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance.
-If you enable or don't configure this setting, definition retirement will be enabled.
+- If you enable or do not configure this setting, definition retirement will be enabled.
-If you disable this setting, definition retirement will be disabled.
+- If you disable this setting, definition retirement will be disabled.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn on definition retirement*
-- GP name: *Nis_Consumers_IPS_DisableSignatureRetirement*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Nis_Consumers_IPS_DisableSignatureRetirement |
+| Friendly Name | Turn on definition retirement |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Network Inspection System |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS |
+| Registry Value Name | DisableSignatureRetirement |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid
+```
+
-
-
-This policy setting defines more definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test security intelligence is defined as: “{b54b6ac9-a737-498e-9120-6616ad3bf590}”. The value isn't used and it's recommended that this value is set to 0.
+
+
+This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test security intelligence is defined as: "{b54b6ac9-a737-498e-9120-6616ad3bf590}". The value is not used and it is recommended that this be set to 0.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Specify additional definition sets for network traffic inspection*
-- GP name: *Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid |
+| Friendly Name | Specify additional definition sets for network traffic inspection |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Network Inspection System |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\SKU Differentiation |
+| Registry Value Name | Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Nis_DisableProtocolRecognition
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition
+```
+
-
-
+
+
This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities.
-If you enable or don't configure this setting, protocol recognition will be enabled.
+- If you enable or do not configure this setting, protocol recognition will be enabled.
-If you disable this setting, protocol recognition will be disabled.
+- If you disable this setting, protocol recognition will be disabled.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn on protocol recognition*
-- GP name: *Nis_DisableProtocolRecognition*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/ProxyBypass**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Nis_DisableProtocolRecognition |
+| Friendly Name | Turn on protocol recognition |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Network Inspection System |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\NIS |
+| Registry Value Name | DisableProtocolRecognition |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## ProxyBypass
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/ProxyBypass
+```
+
-
-
+
+
This policy, if defined, will prevent antimalware from using the configured proxy server when communicating with the specified IP addresses. The address value should be entered as a valid URL.
-If you enable this setting, the proxy server will be bypassed for the specified addresses.
+- If you enable this setting, the proxy server will be bypassed for the specified addresses.
-If you disable or don't configure this setting, the proxy server won't be bypassed for the specified addresses.
+- If you disable or do not configure this setting, the proxy server will not be bypassed for the specified addresses.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Define addresses to bypass proxy server*
-- GP name: *ProxyBypass*
-- GP path: *Windows Components\Microsoft Defender Antivirus*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | ProxyBypass |
+| Friendly Name | Define addresses to bypass proxy server |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## ProxyPacUrl
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
-
-
-This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for security intelligence updates and MAPS reporting. If the proxy auto-config fails or if there's no proxy auto-config specified, the client will fall back to the alternative options (in order):
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl
+```
+
+
+
+This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for security intelligence updates and MAPS reporting. If the proxy auto-config fails or if there is no proxy auto-config specified, the client will fall back to the alternative options (in order):
1. Proxy server (if specified)
2. Proxy .pac URL (if specified)
+
3. None
4. Internet Explorer proxy settings
+
5. Autodetect
-If you enable this setting, the proxy setting will be set to use the specified proxy .pac according to the order specified above.
+- If you enable this setting, the proxy setting will be set to use the specified proxy .pac according to the order specified above.
-If you disable or don't configure this setting, the proxy will skip over this fallback step according to the order specified above.
+- If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Define proxy auto-config (.pac) for connecting to the network*
-- GP name: *ProxyPacUrl*
-- GP path: *Windows Components\Microsoft Defender Antivirus*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/ProxyServer**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | ProxyPacUrl |
+| Friendly Name | Define proxy auto-config (.pac) for connecting to the network |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## ProxyServer
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
-
-
-This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for security intelligence updates and MAPS reporting. If the named proxy fails or if there's no proxy specified, the client will fall back to the alternative options (in order):
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/ProxyServer
+```
+
+
+
+This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for security intelligence updates and MAPS reporting. If the named proxy fails or if there is no proxy specified, the client will fall back to the alternative options (in order):
1. Proxy server (if specified)
2. Proxy .pac URL (if specified)
+
3. None
4. Internet Explorer proxy settings
+
5. Autodetect
-If you enable this setting, the proxy will be set to the specified URL according to the order specified above. The URL should be proceeded with either http:// or https://.
+- If you enable this setting, the proxy will be set to the specified URL according to the order specified above. The URL should be proceeded with either https:// or https://.
-If you disable or don't configure this setting, the proxy will skip over this fallback step according to the order specified above.
+- If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Define proxy server for connecting to the network*
-- GP name: *ProxyServer*
-- GP path: *Windows Components\Microsoft Defender Antivirus*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | ProxyServer |
+| Friendly Name | Define proxy server for connecting to the network |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Quarantine_LocalSettingOverridePurgeItemsAfterDelay
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay
+```
+
-
-
-This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Policy.
+
+
+This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Group Policy.
-If you enable this setting, the local preference setting will take priority over Policy.
+- If you enable this setting, the local preference setting will take priority over Group Policy.
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override for the removal of items from Quarantine folder*
-- GP name: *Quarantine_LocalSettingOverridePurgeItemsAfterDelay*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Quarantine_LocalSettingOverridePurgeItemsAfterDelay |
+| Friendly Name | Configure local setting override for the removal of items from Quarantine folder |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Quarantine |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Quarantine |
+| Registry Value Name | LocalSettingOverridePurgeItemsAfterDelay |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Quarantine_PurgeItemsAfterDelay
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay
+```
+
-
-
+
+
This policy setting defines the number of days items should be kept in the Quarantine folder before being removed.
-If you enable this setting, items will be removed from the Quarantine folder after the number of days specified.
+- If you enable this setting, items will be removed from the Quarantine folder after the number of days specified.
-If you disable or don't configure this setting, items will be kept in the quarantine folder indefinitely and won't be automatically removed.
+- If you disable or do not configure this setting, items will be kept in the quarantine folder indefinitely and will not be automatically removed.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure removal of items from Quarantine folder*
-- GP name: *Quarantine_PurgeItemsAfterDelay*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Quarantine_PurgeItemsAfterDelay |
+| Friendly Name | Configure removal of items from Quarantine folder |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Quarantine |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Quarantine |
+| Registry Value Name | PurgeItemsAfterDelay |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## RandomizeScheduleTaskTimes
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes
+```
+
-
-
-This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled security intelligence update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host, to prevent multiple guest virtual machines from undertaking a disk-intensive operation at the same time.
+
+
+This policy setting allows you to configure the scheduled scan, and the scheduled security intelligence update, start time window in hours.
-If you enable or don't configure this setting, scheduled tasks will begin at a random time within an interval of 30 minutes before and after the specified start time.
+- If you disable or do not configure this setting, scheduled tasks will begin at a random time within 4 hours after the time specified in Task Scheduler.
+- If you enable this setting, you can widen, or narrow, this randomization period. Specify a randomization window of between 1 and 23 hours.
+
-If you disable this setting, scheduled tasks will begin at the specified start time.
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Randomize scheduled task times*
-- GP name: *RandomizeScheduleTaskTimes*
-- GP path: *Windows Components\Microsoft Defender Antivirus*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
-
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring**
+| Name | Value |
+|:--|:--|
+| Name | RandomizeScheduleTaskTimes |
+| Friendly Name | Randomize scheduled task times |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender |
+| Registry Value Name | RandomizeScheduleTaskTimes |
+| ADMX File Name | WindowsDefender.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## RealtimeProtection_DisableBehaviorMonitoring
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring
+```
+
-
-
-
-
+
+
This policy setting allows you to configure behavior monitoring.
-If you enable or don't configure this setting, behavior monitoring will be enabled.
+- If you enable or do not configure this setting, behavior monitoring will be enabled.
-If you disable this setting, behavior monitoring will be disabled.
+- If you disable this setting, behavior monitoring will be disabled.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn on behavior monitoring*
-- GP name: *RealtimeProtection_DisableBehaviorMonitoring*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | RealtimeProtection_DisableBehaviorMonitoring |
+| Friendly Name | Turn on behavior monitoring |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Real-time Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Real-Time Protection |
+| Registry Value Name | DisableBehaviorMonitoring |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## RealtimeProtection_DisableIOAVProtection
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection
+```
+
-
-
+
+
This policy setting allows you to configure scanning for all downloaded files and attachments.
-If you enable or don't configure this setting, scanning for all downloaded files and attachments will be enabled.
+- If you enable or do not configure this setting, scanning for all downloaded files and attachments will be enabled.
-If you disable this setting, scanning for all downloaded files and attachments will be disabled.
+- If you disable this setting, scanning for all downloaded files and attachments will be disabled.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Scan all downloaded files and attachments*
-- GP name: *RealtimeProtection_DisableIOAVProtection*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | RealtimeProtection_DisableIOAVProtection |
+| Friendly Name | Scan all downloaded files and attachments |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Real-time Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Real-Time Protection |
+| Registry Value Name | DisableIOAVProtection |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## RealtimeProtection_DisableOnAccessProtection
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection
+```
+
-
-
+
+
This policy setting allows you to configure monitoring for file and program activity.
-If you enable or don't configure this setting, monitoring for file and program activity will be enabled.
+- If you enable or do not configure this setting, monitoring for file and program activity will be enabled.
-If you disable this setting, monitoring for file and program activity will be disabled.
+- If you disable this setting, monitoring for file and program activity will be disabled.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Monitor file and program activity on your computer*
-- GP name: *RealtimeProtection_DisableOnAccessProtection*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | RealtimeProtection_DisableOnAccessProtection |
+| Friendly Name | Monitor file and program activity on your computer |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Real-time Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Real-Time Protection |
+| Registry Value Name | DisableOnAccessProtection |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## RealtimeProtection_DisableRawWriteNotification
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification
+```
+
-
-
+
+
This policy setting controls whether raw volume write notifications are sent to behavior monitoring.
-If you enable or don't configure this setting, raw write notifications will be enabled.
+- If you enable or do not configure this setting, raw write notifications will be enabled.
-If you disable this setting, raw write notifications be disabled.
+- If you disable this setting, raw write notifications be disabled.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn on raw volume write notifications*
-- GP name: *RealtimeProtection_DisableRawWriteNotification*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | RealtimeProtection_DisableRawWriteNotification |
+| Friendly Name | Turn on raw volume write notifications |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Real-time Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Real-Time Protection |
+| Registry Value Name | DisableRawWriteNotification |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## RealtimeProtection_DisableScanOnRealtimeEnable
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable
+```
+
-
-
-This policy setting allows you to configure process scanning when real-time protection is turned on. This configuration helps to catch malware that could start when real-time protection is turned off.
+
+
+This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malware which could start when real-time protection is turned off.
-If you enable or don't configure this setting, a process scan will be initiated when real-time protection is turned on.
+- If you enable or do not configure this setting, a process scan will be initiated when real-time protection is turned on.
-If you disable this setting, a process scan won't be initiated when real-time protection is turned on.
+- If you disable this setting, a process scan will not be initiated when real-time protection is turned on.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn on process scanning whenever real-time protection is enabled*
-- GP name: *RealtimeProtection_DisableScanOnRealtimeEnable*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | RealtimeProtection_DisableScanOnRealtimeEnable |
+| Friendly Name | Turn on process scanning whenever real-time protection is enabled |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Real-time Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Real-Time Protection |
+| Registry Value Name | DisableScanOnRealtimeEnable |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## RealtimeProtection_IOAVMaxSize
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize
+```
+
-
-
+
+
This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned.
-If you enable this setting, downloaded files and attachments smaller than the size specified will be scanned.
-
-If you disable or don't configure this setting, a default size will be applied.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Define the maximum size of downloaded files and attachments to be scanned*
-- GP name: *RealtimeProtection_IOAVMaxSize*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Policy.
-
-If you enable this setting, the local preference setting will take priority over Policy.
-
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override for turn on behavior monitoring*
-- GP name: *RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Policy.
-
-If you enable this setting, the local preference setting will take priority over Policy.
-
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override for scanning all downloaded files and attachments*
-- GP name: *RealtimeProtection_LocalSettingOverrideDisableIOAVProtection*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Policy.
-
-If you enable this setting, the local preference setting will take priority over Policy.
-
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override for monitoring file and program activity on your computer*
-- GP name: *RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Policy.
-
-If you enable this setting, the local preference setting will take priority over Policy.
-
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override to turn on real-time protection*
-- GP name: *RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Policy.
-
-If you enable this setting, the local preference setting will take priority over Policy.
-
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override for monitoring for incoming and outgoing file activity*
-- GP name: *RealtimeProtection_LocalSettingOverrideRealtimeScanDirection*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remediation. This setting can only be set by Policy.
-
-If you enable this setting, the local preference setting will take priority over Policy.
-
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override for the time of day to run a scheduled full scan to complete remediation*
-- GP name: *Remediation_LocalSettingOverrideScan_ScheduleTime*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+- If you enable this setting, downloaded files and attachments smaller than the size specified will be scanned.
+
+- If you disable or do not configure this setting, a default size will be applied.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RealtimeProtection_IOAVMaxSize |
+| Friendly Name | Define the maximum size of downloaded files and attachments to be scanned |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Real-time Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Real-Time Protection |
+| Registry Value Name | IOAVMaxSize |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring
+```
+
+
+
+
+This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Group Policy.
+
+- If you enable this setting, the local preference setting will take priority over Group Policy.
+
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring |
+| Friendly Name | Configure local setting override for turn on behavior monitoring |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Real-time Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Real-Time Protection |
+| Registry Value Name | LocalSettingOverrideDisableBehaviorMonitoring |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## RealtimeProtection_LocalSettingOverrideDisableIOAVProtection
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection
+```
+
+
+
+
+This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Group Policy.
+
+- If you enable this setting, the local preference setting will take priority over Group Policy.
+
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RealtimeProtection_LocalSettingOverrideDisableIOAVProtection |
+| Friendly Name | Configure local setting override for scanning all downloaded files and attachments |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Real-time Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Real-Time Protection |
+| Registry Value Name | LocalSettingOverrideDisableIOAVProtection |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection
+```
+
+
+
+
+This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Group Policy.
+
+- If you enable this setting, the local preference setting will take priority over Group Policy.
+
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection |
+| Friendly Name | Configure local setting override for monitoring file and program activity on your computer |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Real-time Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Real-Time Protection |
+| Registry Value Name | LocalSettingOverrideDisableOnAccessProtection |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring
+```
+
+
+
+
+This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy.
+
+- If you enable this setting, the local preference setting will take priority over Group Policy.
+
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring |
+| Friendly Name | Configure local setting override to turn on real-time protection |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Real-time Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Real-Time Protection |
+| Registry Value Name | LocalSettingOverrideDisableRealtimeMonitoring |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## RealtimeProtection_LocalSettingOverrideRealtimeScanDirection
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection
+```
+
+
+
+
+This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Group Policy.
+
+- If you enable this setting, the local preference setting will take priority over Group Policy.
+
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RealtimeProtection_LocalSettingOverrideRealtimeScanDirection |
+| Friendly Name | Configure local setting override for monitoring for incoming and outgoing file activity |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Real-time Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Real-Time Protection |
+| Registry Value Name | LocalSettingOverrideRealtimeScanDirection |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Remediation_LocalSettingOverrideScan_ScheduleTime
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime
+```
+
+
+
+
+This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remediation. This setting can only be set by Group Policy.
+
+- If you enable this setting, the local preference setting will take priority over Group Policy.
+
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Remediation_LocalSettingOverrideScan_ScheduleTime |
+| Friendly Name | Configure local setting override for the time of day to run a scheduled full scan to complete remediation |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Remediation |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Remediation |
+| Registry Value Name | LocalSettingOverrideScan_ScheduleTime |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Remediation_Scan_ScheduleDay
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay
+```
+
+
+
+
This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete remediation. The scan can also be configured to run every day or to never run at all.
This setting can be configured with the following ordinal number values:
+(0x0) Every Day
+(0x1) Sunday
+(0x2) Monday
+(0x3) Tuesday
+(0x4) Wednesday
+(0x5) Thursday
+(0x6) Friday
+(0x7) Saturday
+(0x8) Never (default)
-- (0x0) Every Day
-- (0x1) Sunday
-- (0x2) Monday
-- (0x3) Tuesday
-- (0x4) Wednesday
-- (0x5) Thursday
-- (0x6) Friday
-- (0x7) Saturday
-- (0x8) Never (default)
+- If you enable this setting, a scheduled full scan to complete remediation will run at the frequency specified.
-If you enable this setting, a scheduled full scan to complete remediation will run at the frequency specified.
+- If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default frequency.
+
-If you disable or don't configure this setting, a scheduled full scan to complete remediation will run at a default frequency.
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Specify the day of the week to run a scheduled full scan to complete remediation*
-- GP name: *Remediation_Scan_ScheduleDay*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
-
-**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime**
+| Name | Value |
+|:--|:--|
+| Name | Remediation_Scan_ScheduleDay |
+| Friendly Name | Specify the day of the week to run a scheduled full scan to complete remediation |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Remediation |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Remediation |
+| Registry Value Name | Scan_ScheduleDay |
+| ADMX File Name | WindowsDefender.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## Remediation_Scan_ScheduleTime
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime
+```
+
-
+
+
+This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remediation. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. The schedule is based on local time on the computer where the scan is executing.
-
-
-This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remediation. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. The schedule is based on local time on the computer where the scan is executing.
+- If you enable this setting, a scheduled full scan to complete remediation will run at the time of day specified.
-If you enable this setting, a scheduled full scan to complete remediation will run at the time of day specified.
+- If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default time.
+
-If you disable or don't configure this setting, a scheduled full scan to complete remediation will run at a default time.
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Specify the time of day to run a scheduled full scan to complete remediation*
-- GP name: *Remediation_Scan_ScheduleTime*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
-
-**ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout**
+| Name | Value |
+|:--|:--|
+| Name | Remediation_Scan_ScheduleTime |
+| Friendly Name | Specify the time of day to run a scheduled full scan to complete remediation |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Remediation |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Remediation |
+| Registry Value Name | Scan_ScheduleTime |
+| ADMX File Name | WindowsDefender.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## Reporting_AdditionalActionTimeout
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout
+```
+
-
-
-
-
+
+
This policy setting configures the time in minutes before a detection in the "additional action" state moves to the "cleared" state.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure time out for detections requiring additional action*
-- GP name: *Reporting_AdditionalActionTimeout*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Reporting_AdditionalActionTimeout |
+| Friendly Name | Configure time out for detections requiring additional action |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Reporting |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Reporting |
+| Registry Value Name | AdditionalActionTimeout |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Reporting_CriticalFailureTimeout
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout
+```
+
-
-
-This policy setting configures the time in minutes before a detection in the “critically failed” state to moves to either the “additional action” state or the “cleared” state.
+
+
+This policy setting configures the time in minutes before a detection in the "critically failed" state to moves to either the "additional action" state or the "cleared" state.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure time out for detections in critically failed state*
-- GP name: *Reporting_CriticalFailureTimeout*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Reporting_CriticalFailureTimeout |
+| Friendly Name | Configure time out for detections in critically failed state |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Reporting |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Reporting |
+| Registry Value Name | CriticalFailureTimeout |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Reporting_DisableEnhancedNotifications
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications
+```
+
-
-
+
+
Use this policy setting to specify if you want Microsoft Defender Antivirus enhanced notifications to display on clients.
-If you disable or don't configure this setting, Microsoft Defender Antivirus enhanced notifications will display on clients.
+- If you disable or do not configure this setting, Microsoft Defender Antivirus enhanced notifications will display on clients.
-If you enable this setting, Microsoft Defender Antivirus enhanced notifications won't display on clients.
+- If you enable this setting, Microsoft Defender Antivirus enhanced notifications will not display on clients.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn off enhanced notifications*
-- GP name: *Reporting_DisableEnhancedNotifications*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-**ADMX_MicrosoftDefenderAntivirus/Reporting_Disablegenericreports**
-
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Reporting_DisableEnhancedNotifications |
+| Friendly Name | Turn off enhanced notifications |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Reporting |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Reporting |
+| Registry Value Name | DisableEnhancedNotifications |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Reporting_DisablegenericrePorts
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Reporting_DisablegenericrePorts
+```
+
-
-
+
+
This policy setting allows you to configure whether or not Watson events are sent.
-If you enable or don't configure this setting, Watson events will be sent.
+- If you enable or do not configure this setting, Watson events will be sent.
-If you disable this setting, Watson events won't be sent.
+- If you disable this setting, Watson events will not be sent.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure Watson events*
-- GP name: *Reporting_Disablegenericreports*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Reporting_DisablegenericrePorts |
+| Friendly Name | Configure Watson events |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Reporting |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Reporting |
+| Registry Value Name | DisableGenericRePorts |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Reporting_NonCriticalTimeout
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout
+```
+
-
-
+
+
This policy setting configures the time in minutes before a detection in the "non-critically failed" state moves to the "cleared" state.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure time out for detections in non-critical failed state*
-- GP name: *Reporting_NonCriticalTimeout*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-**ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout**
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+**ADMX mapping**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Name | Value |
+|:--|:--|
+| Name | Reporting_NonCriticalTimeout |
+| Friendly Name | Configure time out for detections in non-critical failed state |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Reporting |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Reporting |
+| Registry Value Name | NonCriticalTimeout |
+| ADMX File Name | WindowsDefender.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * Device
+
+## Reporting_RecentlyCleanedTimeout
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout
+```
+
+
+
+
This policy setting configures the time in minutes before a detection in the "completed" state moves to the "cleared" state.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure time out for detections in recently remediated state*
-- GP name: *Reporting_RecentlyCleanedTimeout*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Reporting_RecentlyCleanedTimeout |
+| Friendly Name | Configure time out for detections in recently remediated state |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Reporting |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Reporting |
+| Registry Value Name | RecentlyCleanedTimeout |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Reporting_WppTracingComponents
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents
+```
+
-
-
+
+
This policy configures Windows software trace preprocessor (WPP Software Tracing) components.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure Windows software trace preprocessor components*
-- GP name: *Reporting_WppTracingComponents*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Reporting_WppTracingComponents |
+| Friendly Name | Configure Windows software trace preprocessor components |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Reporting |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Reporting |
+| Registry Value Name | WppTracingComponents |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Reporting_WppTracingLevel
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel
+```
+
-
-
+
+
This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing).
-
Tracing levels are defined as:
+1 - Error
+2 - Warning
+3 - Info
+4 - Debug
+
-- 1 - Error
-- 2 - Warning
-- 3 - Info
-- 4 - Debug
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Configure WPP tracing level*
-- GP name: *Reporting_WppTracingLevel*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause**
+| Name | Value |
+|:--|:--|
+| Name | Reporting_WppTracingLevel |
+| Friendly Name | Configure WPP tracing level |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Reporting |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Reporting |
+| Registry Value Name | WppTracingLevel |
+| ADMX File Name | WindowsDefender.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## Scan_AllowPause
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause
+```
+
-
-
-
-
+
+
This policy setting allows you to manage whether or not end users can pause a scan in progress.
-If you enable or don't configure this setting, a new context menu will be added to the task tray icon to allow the user to pause a scan.
-
-If you disable this setting, users won't be able to pause scans.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Allow users to pause scan*
-- GP name: *Scan_AllowPause*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting allows you to configure the maximum directory depth level into which archive files such as .ZIP or .CAB are unpacked during scanning. The default directory depth level is 0.
-
-If you enable this setting, archive files will be scanned to the directory depth level specified.
-
-If you disable or don't configure this setting, archive files will be scanned to the default directory depth level.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Specify the maximum depth to scan archive files*
-- GP name: *Scan_ArchiveMaxDepth*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting allows you to configure the maximum size of archive files such as .ZIP or .CAB that will be scanned. The value represents file size in kilobytes (KB). The default value is 0 and represents no limit to archive size for scanning.
-
-If you enable this setting, archive files less than or equal to the size specified will be scanned.
-
-If you disable or don't configure this setting, archive files will be scanned according to the default value.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Specify the maximum size of archive files to be scanned*
-- GP name: *Scan_ArchiveMaxSize*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files.
-
-If you enable or don't configure this setting, archive files will be scanned.
-
-If you disable this setting, archive files won't be scanned.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Scan archive files*
-- GP name: *Scan_DisableArchiveScanning*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac).
-
-If you enable this setting, e-mail scanning will be enabled.
-
-If you disable or don't configure this setting, e-mail scanning will be disabled.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Turn on e-mail scanning*
-- GP name: *Scan_DisableEmailScanning*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It's recommended that you don't turn off heuristics.
-
-If you enable or don't configure this setting, heuristics will be enabled.
-
-If you disable this setting, heuristics will be disabled.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Turn on heuristics*
-- GP name: *Scan_DisableHeuristics*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting allows you to configure scanning for packed executables. It's recommended that this type of scanning remains enabled.
-
-If you enable or don't configure this setting, packed executables will be scanned.
-
-If you disable this setting, packed executables won't be scanned.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Scan packed executables*
-- GP name: *Scan_DisablePackedExeScanning*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+- If you enable or do not configure this setting, a new context menu will be added to the task tray icon to allow the user to pause a scan.
+
+- If you disable this setting, users will not be able to pause scans.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_AllowPause |
+| Friendly Name | Allow users to pause scan |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | AllowPause |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_ArchiveMaxDepth
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth
+```
+
+
+
+
+This policy setting allows you to configure the maximum directory depth level into which archive files such as . ZIP or . CAB are unpacked during scanning. The default directory depth level is 0.
+
+- If you enable this setting, archive files will be scanned to the directory depth level specified.
+
+- If you disable or do not configure this setting, archive files will be scanned to the default directory depth level.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_ArchiveMaxDepth |
+| Friendly Name | Specify the maximum depth to scan archive files |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | ArchiveMaxDepth |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_ArchiveMaxSize
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize
+```
+
+
+
+
+This policy setting allows you to configure the maximum size of archive files such as . ZIP or . CAB that will be scanned. The value represents file size in kilobytes (KB). The default value is 0 and represents no limit to archive size for scanning.
+
+- If you enable this setting, archive files less than or equal to the size specified will be scanned.
+
+- If you disable or do not configure this setting, archive files will be scanned according to the default value.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_ArchiveMaxSize |
+| Friendly Name | Specify the maximum size of archive files to be scanned |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | ArchiveMaxSize |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_DisableArchiveScanning
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning
+```
+
+
+
+
+This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as . ZIP or . CAB files.
+
+- If you enable or do not configure this setting, archive files will be scanned.
+
+- If you disable this setting, archive files will not be scanned. However, archives are always scanned during directed scans.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_DisableArchiveScanning |
+| Friendly Name | Scan archive files |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | DisableArchiveScanning |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_DisableEmailScanning
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning
+```
+
+
+
+
+This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac). Email scanning is not supported on modern email clients.
+
+- If you enable this setting, e-mail scanning will be enabled.
+
+- If you disable or do not configure this setting, e-mail scanning will be disabled.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_DisableEmailScanning |
+| Friendly Name | Turn on e-mail scanning |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | DisableEmailScanning |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_DisableHeuristics
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics
+```
+
+
+
+
+This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It is recommended that you do not turn off heuristics.
+
+- If you enable or do not configure this setting, heuristics will be enabled.
+
+- If you disable this setting, heuristics will be disabled.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_DisableHeuristics |
+| Friendly Name | Turn on heuristics |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | DisableHeuristics |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_DisablePackedExeScanning
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+
+
+
+
+
+
+
+
+
+
+## Scan_DisableRemovableDriveScanning
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning
+```
+
+
+
+
This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.
-If you enable this setting, removable drives will be scanned during any type of scan.
+- If you enable this setting, removable drives will be scanned during any type of scan.
-If you disable or don't configure this setting, removable drives won't be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan.
+- If you disable or do not configure this setting, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Scan removable drives*
-- GP name: *Scan_DisableRemovableDriveScanning*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Scan_DisableRemovableDriveScanning |
+| Friendly Name | Scan removable drives |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | DisableRemovableDriveScanning |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Scan_DisableReparsePointScanning
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning
+```
+
-
-
-This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there's a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this setting is the recommended state for this functionality.
+
+
+This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there is a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this is the recommended state for this functionality.
-If you enable this setting, reparse point scanning will be enabled.
+- If you enable this setting, reparse point scanning will be enabled.
-If you disable or don't configure this setting, reparse point scanning will be disabled.
+- If you disable or do not configure this setting, reparse point scanning will be disabled.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn on reparse point scanning*
-- GP name: *Scan_DisableReparsePointScanning*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Scan_DisableReparsePointScanning |
+| Friendly Name | Turn on reparse point scanning |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | DisableReparsePointScanning |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Scan_DisableRestorePoint
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint
+```
+
-
-
+
+
This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning.
-If you enable this setting, a system restore point will be created.
+- If you enable this setting, a system restore point will be created.
-If you disable or don't configure this setting, a system restore point won't be created.
+- If you disable or do not configure this setting, a system restore point will not be created.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Create a system restore point*
-- GP name: *Scan_DisableRestorePoint*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningMappedNetworkDrivesForFullScan**
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+**ADMX mapping**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Name | Value |
+|:--|:--|
+| Name | Scan_DisableRestorePoint |
+| Friendly Name | Create a system restore point |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | DisableRestorePoint |
+| ADMX File Name | WindowsDefender.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * Device
+
+## Scan_DisableScanningMappedNetworkDrivesForFullScan
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningMappedNetworkDrivesForFullScan
+```
+
+
+
+
This policy setting allows you to configure scanning mapped network drives.
-If you enable this setting, mapped network drives will be scanned.
-
-If you disable or don't configure this setting, mapped network drives won't be scanned.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Run full scan on mapped network drives*
-- GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting allows you to configure scanning for network files. It's recommended that you don't enable this setting.
-
-If you enable this setting, network files will be scanned.
-
-If you disable or don't configure this setting, network files won't be scanned.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Scan network files*
-- GP name: *Scan_DisableScanningNetworkFiles*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This setting can only be set by Policy.
-
-If you enable this setting, the local preference setting will take priority over Policy.
-
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override for maximum percentage of CPU utilization*
-- GP name: *Scan_LocalSettingOverrideAvgCPULoadFactor*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting can only be set by Policy.
-
-If you enable this setting, the local preference setting will take priority over Policy.
-
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override for the scan type to use for a scheduled scan*
-- GP name: *Scan_LocalSettingOverrideScanParameters*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Policy.
-
-If you enable this setting, the local preference setting will take priority over Policy.
-
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override for schedule scan day*
-- GP name: *Scan_LocalSettingOverrideScheduleDay*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting configures a local override for the configuration of scheduled quick scan time. This setting can only be set by Policy.
-
-If you enable this setting, the local preference setting will take priority over Policy.
-
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override for scheduled quick scan time*
-- GP name: *Scan_LocalSettingOverrideScheduleQuickScantime*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Policy.
-
-If you enable this setting, the local preference setting will take priority over Policy.
-
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override for scheduled scan time*
-- GP name: *Scan_LocalSettingOverrideScheduleTime*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+- If you enable this setting, mapped network drives will be scanned.
+
+- If you disable or do not configure this setting, mapped network drives will not be scanned.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_DisableScanningMappedNetworkDrivesForFullScan |
+| Friendly Name | Run full scan on mapped network drives |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | DisableScanningMappedNetworkDrivesForFullScan |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_DisableScanningNetworkFiles
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles
+```
+
+
+
+
+This policy setting allows you to configure scanning for network files. It is recommended that you do not enable this setting.
+
+- If you enable this setting, network files will be scanned.
+
+- If you disable or do not configure this setting, network files will not be scanned.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_DisableScanningNetworkFiles |
+| Friendly Name | Scan network files |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | DisableScanningNetworkFiles |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_LocalSettingOverrideAvgCPULoadFactor
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor
+```
+
+
+
+
+This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This setting can only be set by Group Policy.
+
+- If you enable this setting, the local preference setting will take priority over Group Policy.
+
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_LocalSettingOverrideAvgCPULoadFactor |
+| Friendly Name | Configure local setting override for maximum percentage of CPU utilization |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | LocalSettingOverrideAvgCPULoadFactor |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_LocalSettingOverrideScanParameters
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters
+```
+
+
+
+
+This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting can only be set by Group Policy.
+
+- If you enable this setting, the local preference setting will take priority over Group Policy.
+
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_LocalSettingOverrideScanParameters |
+| Friendly Name | Configure local setting override for the scan type to use for a scheduled scan |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | LocalSettingOverrideScanParameters |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_LocalSettingOverrideScheduleDay
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay
+```
+
+
+
+
+This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Group Policy.
+
+- If you enable this setting, the local preference setting will take priority over Group Policy.
+
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_LocalSettingOverrideScheduleDay |
+| Friendly Name | Configure local setting override for schedule scan day |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | LocalSettingOverrideScheduleDay |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_LocalSettingOverrideScheduleQuickScantime
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime
+```
+
+
+
+
+This policy setting configures a local override for the configuration of scheduled quick scan time. This setting can only be set by Group Policy.
+
+- If you enable this setting, the local preference setting will take priority over Group Policy.
+
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_LocalSettingOverrideScheduleQuickScantime |
+| Friendly Name | Configure local setting override for scheduled quick scan time |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | LocalSettingOverrideScheduleQuickScanTime |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_LocalSettingOverrideScheduleTime
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime
+```
+
+
+
+
+This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Group Policy.
+
+- If you enable this setting, the local preference setting will take priority over Group Policy.
+
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_LocalSettingOverrideScheduleTime |
+| Friendly Name | Configure local setting override for scheduled scan time |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | LocalSettingOverrideScheduleTime |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## Scan_LowCpuPriority
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority
+```
+
+
+
+
This policy setting allows you to enable or disable low CPU priority for scheduled scans.
-If you enable this setting, low CPU priority will be used during scheduled scans.
+- If you enable this setting, low CPU priority will be used during scheduled scans.
-If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans.
+- If you disable or do not configure this setting, not changes will be made to CPU priority for scheduled scans.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Configure low CPU priority for scheduled scans*
-- GP name: *Scan_LowCpuPriority*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Scan_LowCpuPriority |
+| Friendly Name | Configure low CPU priority for scheduled scans |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | LowCpuPriority |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Scan_MissedScheduledScanCountBeforeCatchup
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup
+```
+
-
-
+
+
This policy setting allows you to define the number of consecutive scheduled scans that can be missed after which a catch-up scan will be forced. By default, the value of this setting is 2 consecutive scheduled scans.
-If you enable this setting, a catch-up scan will occur after the specified number consecutive missed scheduled scans.
+- If you enable this setting, a catch-up scan will occur after the specified number consecutive missed scheduled scans.
-If you disable or don't configure this setting, a catch-up scan will occur after the 2 consecutive missed scheduled scans.
+- If you disable or do not configure this setting, a catch-up scan will occur after the 2 consecutive missed scheduled scans.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Define the number of days after which a catch-up scan is forced*
-- GP name: *Scan_MissedScheduledScanCountBeforeCatchup*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Scan_MissedScheduledScanCountBeforeCatchup |
+| Friendly Name | Define the number of days after which a catch-up scan is forced |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | MissedScheduledScanCountBeforeCatchup |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Scan_PurgeItemsAfterDelay
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay
+```
+
-
-
-This policy setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and won't be automatically removed. By default, the value is set to 30 days.
+
+
+This policy setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and will not be automatically removed. By default, the value is set to 30 days.
-If you enable this setting, items will be removed from the scan history folder after the number of days specified.
+- If you enable this setting, items will be removed from the scan history folder after the number of days specified.
-If you disable or don't configure this setting, items will be kept in the scan history folder for the default number of days.
+- If you disable or do not configure this setting, items will be kept in the scan history folder for the default number of days.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn on removal of items from scan history folder*
-- GP name: *Scan_PurgeItemsAfterDelay*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Scan_PurgeItemsAfterDelay |
+| Friendly Name | Turn on removal of items from scan history folder |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | PurgeItemsAfterDelay |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Scan_QuickScanInterval
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval
+```
+
-
-
-This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). If set to zero, interval quick scans won't occur. By default, this setting is set to 0.
+
+
+This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). If set to zero, interval quick scans will not occur. By default, this setting is set to 0.
-If you enable this setting, a quick scan will run at the interval specified.
+- If you enable this setting, a quick scan will run at the interval specified.
-If you disable or don't configure this setting, a quick scan will run at a default time.
+- If you disable or do not configure this setting, quick scan controlled by this config will not be run.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Specify the interval to run quick scans per day*
-- GP name: *Scan_QuickScanInterval*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Scan_QuickScanInterval |
+| Friendly Name | Specify the interval to run quick scans per day |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | QuickScanInterval |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Scan_ScanOnlyIfIdle
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle
+```
+
-
-
+
+
This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use.
-If you enable or don't configure this setting, scheduled scans will only run when the computer is on but not in use.
+- If you enable or do not configure this setting, scheduled scans will only run when the computer is on but not in use.
-If you disable this setting, scheduled scans will run at the scheduled time.
+- If you disable this setting, scheduled scans will run at the scheduled time.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Start the scheduled scan only when computer is on but not in use*
-- GP name: *Scan_ScanOnlyIfIdle*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Scan_ScanOnlyIfIdle |
+| Friendly Name | Start the scheduled scan only when computer is on but not in use |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | ScanOnlyIfIdle |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Scan_ScheduleDay
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay
+```
+
-
-
+
+
This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all.
This setting can be configured with the following ordinal number values:
+(0x0) Every Day
+(0x1) Sunday
+(0x2) Monday
+(0x3) Tuesday
+(0x4) Wednesday
+(0x5) Thursday
+(0x6) Friday
+(0x7) Saturday
+(0x8) Never (default)
-- (0x0) Every Day
-- (0x1) Sunday
-- (0x2) Monday
-- (0x3) Tuesday
-- (0x4) Wednesday
-- (0x5) Thursday
-- (0x6) Friday
-- (0x7) Saturday
-- (0x8) Never (default)
+- If you enable this setting, a scheduled scan will run at the frequency specified.
-If you enable this setting, a scheduled scan will run at the frequency specified.
+- If you disable or do not configure this setting, a scheduled scan will run at a default frequency.
+
-If you disable or don't configure this setting, a scheduled scan will run at a default frequency.
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Specify the day of the week to run a scheduled scan*
-- GP name: *Scan_ScheduleDay*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
-
-**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime**
+| Name | Value |
+|:--|:--|
+| Name | Scan_ScheduleDay |
+| Friendly Name | Specify the day of the week to run a scheduled scan |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | ScheduleDay |
+| ADMX File Name | WindowsDefender.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## Scan_ScheduleTime
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime
+```
+
-
-
-
-
+
+
This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedule is based on local time on the computer where the scan is executing.
-If you enable this setting, a scheduled scan will run at the time of day specified.
-
-If you disable or don't configure this setting, a scheduled scan will run at a default time.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Specify the time of day to run a scheduled scan*
-- GP name: *Scan_ScheduleTime*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware security intelligence is disabled. It's recommended that this setting remains disabled.
-
-If you enable this setting, the antimalware service will always remain running even if both antivirus and antispyware security intelligence are disabled.
-
-If you disable or don't configure this setting, the antimalware service will be stopped when both antivirus and antispyware security intelligence is disabled. If the computer is restarted, the service will be started if it's set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware security intelligence is enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Allow antimalware service to remain running always*
-- GP name: *ServiceKeepAlive*
-- GP path: *Windows Components\Microsoft Defender Antivirus*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several other actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 7 days.
-
-We don't recommend setting the value to less than 2 days to prevent machines from going out of date.
-
-If you enable this setting, spyware security intelligence will be considered out of date after the number of days specified have passed without an update.
-
-If you disable or don't configure this setting, spyware security intelligence will be considered out of date after the default number of days have passed without an update.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Define the number of days before spyware security intelligence is considered out of date*
-- GP name: *SignatureUpdate_ASSignatureDue*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting allows you to define the number of days that must pass before virus security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several other actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
-
-If you enable this setting, virus security intelligence will be considered out of date after the number of days specified have passed without an update.
-
-If you disable or don't configure this setting, virus security intelligence will be considered out of date after the default number of days have passed without an update.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Define the number of days before virus security intelligence is considered out of date*
-- GP name: *SignatureUpdate_AVSignatureDue*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting allows you to configure UNC file share sources for downloading security intelligence updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources. For example: "{\\\unc1 | \\\unc2 }". The list is empty by default.
-
-If you enable this setting, the specified sources will be contacted for security intelligence updates. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted.
-
-If you disable or don't configure this setting, the list will remain empty by default and no sources will be contacted.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Define file shares for downloading security intelligence updates*
-- GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting allows you to configure the automatic scan that starts after a security intelligence update has occurred.
-
-If you enable or don't configure this setting, a scan will start following a security intelligence update.
-
-If you disable this setting, a scan won't start following a security intelligence update.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Turn on scan after security intelligence update*
-- GP name: *SignatureUpdate_DisableScanOnUpdate*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+- If you enable this setting, a scheduled scan will run at the time of day specified.
+
+- If you disable or do not configure this setting, a scheduled scan will run at a default time.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Scan_ScheduleTime |
+| Friendly Name | Specify the time of day to run a scheduled scan |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | ScheduleTime |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## ServiceKeepAlive
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive
+```
+
+
+
+
+This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware security intelligence is disabled. It is recommended that this setting remain disabled.
+
+- If you enable this setting, the antimalware service will always remain running even if both antivirus and antispyware security intelligence is disabled.
+
+- If you disable or do not configure this setting, the antimalware service will be stopped when both antivirus and antispyware security intelligence is disabled. If the computer is restarted, the service will be started if it is set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware security intelligence is enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ServiceKeepAlive |
+| Friendly Name | Allow antimalware service to remain running always |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender |
+| Registry Value Name | ServiceKeepAlive |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## SignatureUpdate_ASSignatureDue
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue
+```
+
+
+
+
+This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 7 days.
+
+- If you enable this setting, spyware security intelligence will be considered out of date after the number of days specified have passed without an update.
+
+- If you disable or do not configure this setting, spyware security intelligence will be considered out of date after the default number of days have passed without an update.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_ASSignatureDue |
+| Friendly Name | Define the number of days before spyware security intelligence is considered out of date |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| Registry Value Name | ASSignatureDue |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## SignatureUpdate_AVSignatureDue
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue
+```
+
+
+
+
+This policy setting allows you to define the number of days that must pass before virus security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 7 days.
+
+- If you enable this setting, virus security intelligence will be considered out of date after the number of days specified have passed without an update.
+
+- If you disable or do not configure this setting, virus security intelligence will be considered out of date after the default number of days have passed without an update.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_AVSignatureDue |
+| Friendly Name | Define the number of days before virus security intelligence is considered out of date |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| Registry Value Name | AVSignatureDue |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## SignatureUpdate_DefinitionUpdateFileSharesSources
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources
+```
+
+
+
+
+This policy setting allows you to configure UNC file share sources for downloading security intelligence updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources. For example: "{\\unc1 | \\unc2 }". The list is empty by default.
+
+- If you enable this setting, the specified sources will be contacted for security intelligence updates. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
+
+- If you disable or do not configure this setting, the list will remain empty by default and no sources will be contacted.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_DefinitionUpdateFileSharesSources |
+| Friendly Name | Define file shares for downloading security intelligence updates |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## SignatureUpdate_DisableScanOnUpdate
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate
+```
+
+
+
+
+This policy setting allows you to configure the automatic scan which starts after a security intelligence update has occurred.
+
+- If you enable or do not configure this setting, a scan will start following a security intelligence update.
+
+- If you disable this setting, a scan will not start following a security intelligence update.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_DisableScanOnUpdate |
+| Friendly Name | Turn on scan after security intelligence update |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| Registry Value Name | DisableScanOnUpdate |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## SignatureUpdate_DisableScheduledSignatureUpdateonBattery
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery
+```
+
+
+
+
This policy setting allows you to configure security intelligence updates when the computer is running on battery power.
-If you enable or don't configure this setting, security intelligence updates will occur as usual regardless of power state.
+- If you enable or do not configure this setting, security intelligence updates will occur as usual regardless of power state.
-If you disable this setting, security intelligence updates will be turned off while the computer is running on battery power.
+- If you disable this setting, security intelligence updates will be turned off while the computer is running on battery power.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Allow security intelligence updates when running on battery power*
-- GP name: *SignatureUpdate_DisableScheduledSignatureUpdateonBattery*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_DisableScheduledSignatureUpdateonBattery |
+| Friendly Name | Allow security intelligence updates when running on battery power |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| Registry Value Name | DisableScheduledSignatureUpdateOnBattery |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## SignatureUpdate_DisableUpdateOnStartupWithoutEngine
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine
+```
+
-
-
-This policy setting allows you to configure security intelligence updates on startup when there's no antimalware engine present.
+
+
+This policy setting allows you to configure security intelligence updates on startup when there is no antimalware engine present.
-If you enable or don't configure this setting, security intelligence updates will be initiated on startup when there's no antimalware engine present.
+- If you enable or do not configure this setting, security intelligence updates will be initiated on startup when there is no antimalware engine present.
-If you disable this setting, security intelligence updates won't be initiated on startup when there's no antimalware engine present.
+- If you disable this setting, security intelligence updates will not be initiated on startup when there is no antimalware engine present.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Initiate security intelligence update on startup*
-- GP name: *SignatureUpdate_DisableUpdateOnStartupWithoutEngine*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_DisableUpdateOnStartupWithoutEngine |
+| Friendly Name | Initiate security intelligence update on startup |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| Registry Value Name | DisableUpdateOnStartupWithoutEngine |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## SignatureUpdate_FallbackOrder
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder
+```
+
-
-
-This policy setting allows you to define the order in which different security intelligence update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources in order. Possible values are: “InternalDefinitionUpdateServer”, “MicrosoftUpdateServer”, “MMPC”, and “FileShares”.
+
+
+This policy setting allows you to define the order in which different security intelligence update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the security intelligence update sources in order. Possible values are: "InternalDefinitionUpdateServer", "MicrosoftUpdateServer", "MMPC", and "FileShares"
For example: { InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }
-If you enable this setting, security intelligence update sources will be contacted in the order specified. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted.
+- If you enable this setting, security intelligence update sources will be contacted in the order specified. Once security intelligence updates have been successfully downloaded from one specified source, the remaining sources in the list will not be contacted.
-If you disable or don't configure this setting, security intelligence update sources will be contacted in a default order.
+- If you disable or do not configure this setting, security intelligence update sources will be contacted in a default order.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Define the order of sources for downloading security intelligence updates*
-- GP name: *SignatureUpdate_FallbackOrder*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_FallbackOrder |
+| Friendly Name | Define the order of sources for downloading security intelligence updates |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## SignatureUpdate_ForceUpdateFromMU
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU
+```
+
-
-
+
+
This policy setting allows you to enable download of security intelligence updates from Microsoft Update even if the Automatic Updates default server is configured to another download source such as Windows Update.
-If you enable this setting, security intelligence updates will be downloaded from Microsoft Update.
+- If you enable this setting, security intelligence updates will be downloaded from Microsoft Update.
-If you disable or don't configure this setting, security intelligence updates will be downloaded from the configured download source.
+- If you disable or do not configure this setting, security intelligence updates will be downloaded from the configured download source.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Allow security intelligence updates from Microsoft Update*
-- GP name: *SignatureUpdate_ForceUpdateFromMU*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_ForceUpdateFromMU |
+| Friendly Name | Allow security intelligence updates from Microsoft Update |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| Registry Value Name | ForceUpdateFromMU |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## SignatureUpdate_RealtimeSignatureDelivery
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery
+```
+
-
-
+
+
This policy setting allows you to enable real-time security intelligence updates in response to reports sent to Microsoft MAPS. If the service reports a file as an unknown and Microsoft MAPS finds that the latest security intelligence update has security intelligence for a threat involving that file, the service will receive all of the latest security intelligence for that threat immediately. You must have configured your computer to join Microsoft MAPS for this functionality to work.
-If you enable or don't configure this setting, real-time security intelligence updates will be enabled.
+- If you enable or do not configure this setting, real-time security intelligence updates will be enabled.
-If you disable this setting, real-time security intelligence updates will be disabled.
+- If you disable this setting, real-time security intelligence updates will disabled.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Allow real-time security intelligence updates based on reports to Microsoft MAPS*
-- GP name: *SignatureUpdate_RealtimeSignatureDelivery*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_RealtimeSignatureDelivery |
+| Friendly Name | Allow real-time security intelligence updates based on reports to Microsoft MAPS |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| Registry Value Name | RealtimeSignatureDelivery |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## SignatureUpdate_ScheduleDay
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay
+```
+
-
-
+
+
This policy setting allows you to specify the day of the week on which to check for security intelligence updates. The check can also be configured to run every day or to never run at all.
This setting can be configured with the following ordinal number values:
+(0x0) Every Day (default)
+(0x1) Sunday
+(0x2) Monday
+(0x3) Tuesday
+(0x4) Wednesday
+(0x5) Thursday
+(0x6) Friday
+(0x7) Saturday
+(0x8) Never
-- (0x0) Every Day (default)
-- (0x1) Sunday
-- (0x2) Monday
-- (0x3) Tuesday
-- (0x4) Wednesday
-- (0x5) Thursday
-- (0x6) Friday
-- (0x7) Saturday
-- (0x8) Never
+- If you enable this setting, the check for security intelligence updates will occur at the frequency specified.
-If you enable this setting, the check for security intelligence updates will occur at the frequency specified.
+- If you disable or do not configure this setting, the check for security intelligence updates will occur at a default frequency.
+
-If you disable or don't configure this setting, the check for security intelligence updates will occur at a default frequency.
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Specify the day of the week to check for security intelligence updates*
-- GP name: *SignatureUpdate_ScheduleDay*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime**
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_ScheduleDay |
+| Friendly Name | Specify the day of the week to check for security intelligence updates |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| Registry Value Name | ScheduleDay |
+| ADMX File Name | WindowsDefender.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## SignatureUpdate_ScheduleTime
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime
+```
+
-
-
-
-
+
+
This policy setting allows you to specify the time of day at which to check for security intelligence updates. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default this setting is configured to check for security intelligence updates 15 minutes before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring.
-If you enable this setting, the check for security intelligence updates will occur at the time of day specified.
+- If you enable this setting, the check for security intelligence updates will occur at the time of day specified.
-If you disable or don't configure this setting, the check for security intelligence updates will occur at the default time.
+- If you disable or do not configure this setting, the check for security intelligence updates will occur at the default time.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Specify the time to check for security intelligence updates*
-- GP name: *SignatureUpdate_ScheduleTime*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_ScheduleTime |
+| Friendly Name | Specify the time to check for security intelligence updates |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| Registry Value Name | ScheduleTime |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## SignatureUpdate_SharedSignaturesLocation
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation
+```
+
-
-
+
+
This policy setting allows you to define the security intelligence location for VDI-configured computers.
-If you disable or don't configure this setting, security intelligence will be referred from the default local source.
+- If you disable or do not configure this setting, security intelligence will be referred from the default local source.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Define security intelligence location for VDI clients.*
-- GP name: *SignatureUpdate_SharedSignaturesLocation*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification**
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_SharedSignaturesLocation |
+| Friendly Name | Define security intelligence location for VDI clients. |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## SignatureUpdate_SignatureDisableNotification
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification
+```
+
-
-
+
+
This policy setting allows you to configure the antimalware service to receive notifications to disable individual security intelligence in response to reports it sends to Microsoft MAPS. Microsoft MAPS uses these notifications to disable security intelligence that are causing false positive reports. You must have configured your computer to join Microsoft MAPS for this functionality to work.
-If you enable this setting or don't configure, the antimalware service will receive notifications to disable security intelligence.
+- If you enable this setting or do not configure, the antimalware service will receive notifications to disable security intelligence.
-If you disable this setting, the antimalware service won't receive notifications to disable security intelligence.
+- If you disable this setting, the antimalware service will not receive notifications to disable security intelligence.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Allow notifications to disable security intelligence based reports to Microsoft MAPS*
-- GP name: *SignatureUpdate_SignatureDisableNotification*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_SignatureDisableNotification |
+| Friendly Name | Allow notifications to disable security intelligence based reports to Microsoft MAPS |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| Registry Value Name | SignatureDisableNotification |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## SignatureUpdate_SignatureUpdateCatchupInterval
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval
+```
+
-
-
+
+
This policy setting allows you to define the number of days after which a catch-up security intelligence update will be required. By default, the value of this setting is 1 day.
-If you enable this setting, a catch-up security intelligence update will occur after the specified number of days.
+- If you enable this setting, a catch-up security intelligence update will occur after the specified number of days.
-If you disable or don't configure this setting, a catch-up security intelligence update will be required after the default number of days.
+- If you disable or do not configure this setting, a catch-up security intelligence update will be required after the default number of days.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Define the number of days after which a catch-up security intelligence update is required*
-- GP name: *SignatureUpdate_SignatureUpdateCatchupInterval*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_SignatureUpdateCatchupInterval |
+| Friendly Name | Define the number of days after which a catch-up security intelligence update is required |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| Registry Value Name | SignatureUpdateCatchupInterval |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## SignatureUpdate_UpdateOnStartup
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup
+```
+
-
-
+
+
This policy setting allows you to manage whether a check for new virus and spyware security intelligence will occur immediately after service startup.
-If you enable this setting, a check for new security intelligence will occur after service startup.
+- If you enable this setting, a check for new security intelligence will occur after service startup.
-If you disable this setting or don't configure this setting, a check for new security intelligence won't occur after service startup.
+- If you disable this setting or do not configure this setting, a check for new security intelligence will not occur after service startup.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Check for the latest virus and spyware security intelligence on startup*
-- GP name: *SignatureUpdate_UpdateOnStartup*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/SpynetReporting**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | SignatureUpdate_UpdateOnStartup |
+| Friendly Name | Check for the latest virus and spyware security intelligence on startup |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Security Intelligence Updates |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Signature Updates |
+| Registry Value Name | UpdateOnStartUp |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Spynet_LocalSettingOverrideSpynetReporting
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting
+```
+
-
-
+
+
+This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy.
+
+- If you enable this setting, the local preference setting will take priority over Group Policy.
+
+- If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Spynet_LocalSettingOverrideSpynetReporting |
+| Friendly Name | Configure local setting override for reporting to Microsoft MAPS |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > MAPS |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Spynet |
+| Registry Value Name | LocalSettingOverrideSpynetReporting |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
+
+
+
+
+
+## SpynetReporting
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/SpynetReporting
+```
+
+
+
+
This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections.
-You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft won't use this information to identify you or contact you.
+You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you.
Possible options are:
-
-- (0x0) Disabled (default)
-- (0x1) Basic membership
-- (0x2) Advanced membership
+(0x0) Disabled (default)
+(0x1) Basic membership
+(0x2) Advanced membership
Basic membership will send basic information to Microsoft about software that has been detected, including where the software came from, the actions that you apply or that are applied automatically, and whether the actions were successful.
Advanced membership, in addition to basic information, will send more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the location of the software, file names, how the software operates, and how it has impacted your computer.
-If you enable this setting, you'll join Microsoft MAPS with the membership specified.
+- If you enable this setting, you will join Microsoft MAPS with the membership specified.
-If you disable or don't configure this setting, you won't join Microsoft MAPS.
+- If you disable or do not configure this setting, you will not join Microsoft MAPS.
In Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Join Microsoft MAPS*
-- GP name: *SpynetReporting*
-- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
-- GP ADMX file name: *WindowsDefender.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | SpynetReporting |
+| Friendly Name | Join Microsoft MAPS |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > MAPS |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Spynet |
+| Registry Value Name | SpynetReporting |
+| ADMX File Name | WindowsDefender.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Threats_ThreatIdDefaultAction
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction
+```
+
-
-
- This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Policy.
-
-If you enable this setting, the local preference setting will take priority over Policy.
-
-If you disable or don't configure this setting, Policy will take priority over the local preference setting.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure local setting override for reporting to Microsoft MAPS*
-- GP name: *Spynet_LocalSettingOverrideSpynetReporting*
-- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
-- GP ADMX file name: *WindowsDefender.admx*
-
-
-
-
-
-
-
-**ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting customizes which remediation action will be taken for each listed Threat ID when it's detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken.
+
+
+This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken.
Valid remediation action values are:
+2 = Quarantine
+3 = Remove
+6 = Ignore
+
-- 2 = Quarantine
-- 3 = Remove
-- 6 = Ignore
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Specify threats upon which default action should not be taken when detected*
-- GP name: *Threats_ThreatIdDefaultAction*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Threats*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
-
-**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString**
+| Name | Value |
+|:--|:--|
+| Name | Threats_ThreatIdDefaultAction |
+| Friendly Name | Specify threats upon which default action should not be taken when detected |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Threats |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Threats |
+| Registry Value Name | Threats_ThreatIdDefaultAction |
+| ADMX File Name | WindowsDefender.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## UX_Configuration_CustomDefaultActionToastString
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString
+```
+
-
+
+
+This policy setting allows you to configure whether or not to display additional text to clients when they need to perform an action. The text displayed is a custom administrator-defined string. For example, the phone number to call the company help desk. The client interface will only display a maximum of 1024 characters. Longer strings will be truncated before display.
-
-
-This policy setting allows you to configure whether or not to display more text to clients when they need to perform an action. The text displayed is a custom administrator-defined string. For example, the phone number to call the company help desk. The client interface will only display a maximum of 1024 characters. Longer strings will be truncated before display.
+- If you enable this setting, the additional text specified will be displayed.
-If you enable this setting, the extra text specified will be displayed.
+- If you disable or do not configure this setting, there will be no additional text displayed.
+
-If you disable or don't configure this setting, there will be no extra text displayed.
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Display additional text to clients when they need to perform an action*
-- GP name: *UX_Configuration_CustomDefaultActionToastString*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
-
-**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress**
+| Name | Value |
+|:--|:--|
+| Name | UX_Configuration_CustomDefaultActionToastString |
+| Friendly Name | Display additional text to clients when they need to perform an action |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Client Interface |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\UX Configuration |
+| ADMX File Name | WindowsDefender.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## UX_Configuration_Notification_Suppress
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress
+```
+
-
-
-
-
+
+
Use this policy setting to specify if you want Microsoft Defender Antivirus notifications to display on clients.
+- If you disable or do not configure this setting, Microsoft Defender Antivirus notifications will display on clients.
-If you disable or don't configure this setting, Microsoft Defender Antivirus notifications will display on clients.
+- If you enable this setting, Microsoft Defender Antivirus notifications will not display on clients.
+
-If you enable this setting, Microsoft Defender Antivirus notifications won't display on clients.
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Suppress all notifications*
-- GP name: *UX_Configuration_Notification_Suppress*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
-
-**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification**
+| Name | Value |
+|:--|:--|
+| Name | UX_Configuration_Notification_Suppress |
+| Friendly Name | Suppress all notifications |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Client Interface |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\UX Configuration |
+| Registry Value Name | Notification_Suppress |
+| ADMX File Name | WindowsDefender.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## UX_Configuration_SuppressRebootNotification
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification
+```
+
-
+
+
+This policy setting allows user to supress reboot notifications in UI only mode (for cases where UI can't be in lockdown mode).
-
-
-This policy setting allows user to suppress reboot notifications in UI only mode (for cases where UI can't be in lockdown mode).
+- If you enable this setting AM UI won't show reboot notifications.
+
-If you enable this setting, AM UI won't show reboot notifications.
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Suppresses reboot notifications*
-- GP name: *UX_Configuration_SuppressRebootNotification*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
-
-**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown**
+| Name | Value |
+|:--|:--|
+| Name | UX_Configuration_SuppressRebootNotification |
+| Friendly Name | Suppresses reboot notifications |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Client Interface |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\UX Configuration |
+| Registry Value Name | SuppressRebootNotification |
+| ADMX File Name | WindowsDefender.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## UX_Configuration_UILockdown
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown
+```
+
-
-
-
-
+
+
This policy setting allows you to configure whether or not to display AM UI to the users.
+- If you enable this setting AM UI won't be available to users.
+
-If you enable this setting, AM UI won't be available to users.
+
+
+
-
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Enable headless UI mode*
-- GP name: *UX_Configuration_UILockdown*
-- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
-- GP ADMX file name: *WindowsDefender.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-
+**ADMX mapping**:
+| Name | Value |
+|:--|:--|
+| Name | UX_Configuration_UILockdown |
+| Friendly Name | Enable headless UI mode |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Client Interface |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\UX Configuration |
+| Registry Value Name | UILockdown |
+| ADMX File Name | WindowsDefender.admx |
+
+
+
+
-
+
-## Related topics
+
+
+
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index cde0000329..432f506c62 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -1,333 +1,379 @@
---
-title: Policy CSP - ADMX_MMC
-description: Learn about Policy CSP - ADMX_MMC.
+title: ADMX_MMC Policy CSP
+description: Learn more about the ADMX_MMC Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 01/09/2023
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 09/03/2020
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_MMC
->[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+
+> [!TIP]
+> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
+
+
+
-
-## ADMX_MMC policies
+
+## MMC_ActiveXControl
-
- -
- ADMX_MMC/MMC_ActiveXControl
-
- -
- ADMX_MMC/MMC_ExtendView
-
- -
- ADMX_MMC/MMC_LinkToWeb
-
- -
- ADMX_MMC/MMC_Restrict_Author
-
- -
- ADMX_MMC/MMC_Restrict_To_Permitted_Snapins
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_MMC/MMC_ActiveXControl
+```
+
-
+
+
+Permits or prohibits use of this snap-in.
-
-**ADMX_MMC/MMC_ActiveXControl**
+- If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
-
+If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.
-
-
+To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.
-> [!div class = "checklist"]
-> * User
+To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.
-
+When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+
-
-
-This policy setting permits or prohibits use of this snap-in.
+
+
+
-If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
+
+**Description framework properties**:
-If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those snap-ins explicitly permitted.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-To explicitly permit use of this snap-in, enable this setting. If this setting isn't configured (or disabled), this snap-in is prohibited.
+**ADMX mapping**:
-- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those snap-ins explicitly prohibited.
+| Name | Value |
+|:--|:--|
+| Name | MMC_ActiveXControl |
+| Friendly Name | ActiveX Control |
+| Location | User Configuration |
+| Path | Windows Components > Microsoft Management Console > Restricted/Permitted snap-ins |
+| Registry Key Name | Software\Policies\Microsoft\MMC\{C96401CF-0E17-11D3-885B-00C04F72C717} |
+| Registry Value Name | Restrict_Run |
+| ADMX File Name | MMC.admx |
+
-To explicitly prohibit use of this snap-in, disable this setting. If this setting isn't configured (or enabled), the snap-in is permitted.
+
+
+
-When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
+
-
+
+## MMC_ExtendView
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-ADMX Info:
-- GP Friendly name: *ActiveX Control*
-- GP name: *MMC_ActiveXControl*
-- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
-- GP ADMX file name: *MMC.admx*
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_MMC/MMC_ExtendView
+```
+
-
-
-
+
+
+Permits or prohibits use of this snap-in.
-
-**ADMX_MMC/MMC_ExtendView**
+- If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
-
+If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.
-
-
+To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.
-> [!div class = "checklist"]
-> * User
+To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.
-
+When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+
-
-
-This policy setting permits or prohibits use of this snap-in.
+
+
+
-If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
+
+**Description framework properties**:
-If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those snap-ins explicitly permitted.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-To explicitly permit use of this snap-in, enable this setting. If this setting isn't configured (or disabled), this snap-in is prohibited.
+**ADMX mapping**:
-- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those snap-ins explicitly prohibited.
+| Name | Value |
+|:--|:--|
+| Name | MMC_ExtendView |
+| Friendly Name | Extended View (Web View) |
+| Location | User Configuration |
+| Path | Windows Components > Microsoft Management Console > Restricted/Permitted snap-ins > Extension snap-ins |
+| Registry Key Name | Software\Policies\Microsoft\MMC\{B708457E-DB61-4C55-A92F-0D4B5E9B1224} |
+| Registry Value Name | Restrict_Run |
+| ADMX File Name | MMC.admx |
+
-To explicitly prohibit use of this snap-in, disable this setting. If this setting isn't configured (or enabled), the snap-in is permitted.
+
+
+
-When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
+
-
+
+## MMC_LinkToWeb
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-ADMX Info:
-- GP Friendly name: *Extended View (Web View)*
-- GP name: *MMC_ExtendView*
-- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
-- GP ADMX file name: *MMC.admx*
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_MMC/MMC_LinkToWeb
+```
+
-
-
-
+
+
+Permits or prohibits use of this snap-in.
-
-**ADMX_MMC/MMC_LinkToWeb**
+- If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
-
+If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.
-
-
+To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.
-> [!div class = "checklist"]
-> * User
+To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.
-
+When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
+
-
-
-This policy setting permits or prohibits use of this snap-in.
+
+
+
-If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
+
+**Description framework properties**:
-If this setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those snap-ins explicitly permitted.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-To explicitly permit use of this snap-in, enable this setting. If this setting isn't configured (or disabled), this snap-in is prohibited.
+**ADMX mapping**:
-- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those snap-ins explicitly prohibited.
+| Name | Value |
+|:--|:--|
+| Name | MMC_LinkToWeb |
+| Friendly Name | Link to Web Address |
+| Location | User Configuration |
+| Path | Windows Components > Microsoft Management Console > Restricted/Permitted snap-ins |
+| Registry Key Name | Software\Policies\Microsoft\MMC\{C96401D1-0E17-11D3-885B-00C04F72C717} |
+| Registry Value Name | Restrict_Run |
+| ADMX File Name | MMC.admx |
+
-To explicitly prohibit use of this snap-in, disable this setting. If this setting isn't configured (or enabled), the snap-in is permitted.
+
+
+
-When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
+
-
+
+## MMC_Restrict_Author
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
-ADMX Info:
-- GP Friendly name: *Link to Web Address*
-- GP name: *MMC_LinkToWeb*
-- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
-- GP ADMX file name: *MMC.admx*
-
-
-
-
-
-
-**ADMX_MMC/MMC_Restrict_Author**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
-This policy setting prevents users from entering author mode.
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_MMC/MMC_Restrict_Author
+```
+
+
+
+
+Prevents users from entering author mode.
This setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default.
-As a result, users can't create console files or add or remove snap-ins. Also, because they can't open author-mode console files, they can't use the tools that the files contain.
+As a result, users cannot create console files or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain.
-This setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users can't open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also can't open a blank MMC console window from a command prompt.
+This setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users cannot open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also cannot open a blank MMC console window from a command prompt.
-If you disable this setting or don't configure it, users can enter author mode and open author-mode console files.
+- If you disable this setting or do not configure it, users can enter author mode and open author-mode console files.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Restrict the user from entering author mode*
-- GP name: *MMC_Restrict_Author*
-- GP path: *Windows Components\Microsoft Management Console*
-- GP ADMX file name: *MMC.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_MMC/MMC_Restrict_To_Permitted_Snapins**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | MMC_Restrict_Author |
+| Friendly Name | Restrict the user from entering author mode |
+| Location | User Configuration |
+| Path | Windows Components > Microsoft Management Console |
+| Registry Key Name | Software\Policies\Microsoft\MMC |
+| Registry Value Name | RestrictAuthorMode |
+| ADMX File Name | MMC.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## MMC_Restrict_To_Permitted_Snapins
-> [!div class = "checklist"]
-> * User
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_MMC/MMC_Restrict_To_Permitted_Snapins
+```
+
-
-
-This policy setting lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.
+
+
+Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.
-- If you enable this setting, all snap-ins are prohibited, except those snap-ins that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins.
+- If you enable this setting, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins.
To explicitly permit a snap-in, open the Restricted/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit. If a snap-in setting in the folder is disabled or not configured, the snap-in is prohibited.
-- If you disable this setting or don't configure it, all snap-ins are permitted, except those snap-ins that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins.
+- If you disable this setting or do not configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins.
To explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins setting folder and then disable the settings representing the snap-ins you want to prohibit. If a snap-in setting in the folder is enabled or not configured, the snap-in is permitted.
-When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
+When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.
> [!NOTE]
-> If you enable this setting, and you don't enable any settings in the Restricted/Permitted snap-ins folder, users can't use any MMC snap-ins.
+> If you enable this setting, and you do not enable any settings in the Restricted/Permitted snap-ins folder, users cannot use any MMC snap-ins.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Restrict users to the explicitly permitted list of snap-ins*
-- GP name: *MMC_Restrict_To_Permitted_Snapins*
-- GP path: *Windows Components\Microsoft Management Console*
-- GP ADMX file name: *MMC.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+**ADMX mapping**:
+| Name | Value |
+|:--|:--|
+| Name | MMC_Restrict_To_Permitted_Snapins |
+| Friendly Name | Restrict users to the explicitly permitted list of snap-ins |
+| Location | User Configuration |
+| Path | Windows Components > Microsoft Management Console |
+| Registry Key Name | Software\Policies\Microsoft\MMC |
+| Registry Value Name | RestrictToPermittedSnapins |
+| ADMX File Name | MMC.admx |
+
-
+
+
+
-## Related topics
+
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
index 3efeeafc81..0d81b19812 100644
--- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
+++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
@@ -1,83 +1,92 @@
---
-title: Policy CSP - ADMX_PushToInstall
-description: Learn about Policy CSP - ADMX_PushToInstall.
+title: ADMX_PushToInstall Policy CSP
+description: Learn more about the ADMX_PushToInstall Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 01/09/2023
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 12/01/2020
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_PushToInstall
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
+
+
+
-
-## ADMX_PushToInstall policies
+
+## DisablePushToInstall
-
- -
- ADMX_PushToInstall/DisablePushToInstall
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_PushToInstall/DisablePushToInstall
+```
+
-
+
+
+- If you enable this setting, users will not be able to push Apps to this device from the Microsoft Store running on other devices or the web.
+
-
-**ADMX_PushToInstall/DisablePushToInstall**
+
+
+
-
+
+**Description framework properties**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+**ADMX mapping**:
-> [!div class = "checklist"]
-> * Device
+| Name | Value |
+|:--|:--|
+| Name | DisablePushToInstall |
+| Friendly Name | Turn off Push To Install service |
+| Location | Computer Configuration |
+| Path | Windows Components > Push To Install |
+| Registry Key Name | Software\Policies\Microsoft\PushToInstall |
+| Registry Value Name | DisablePushToInstall |
+| ADMX File Name | PushToInstall.admx |
+
-
+
+
+
-
-
-If you enable this setting, users will not be able to push Apps to this device from the Microsoft Store running on other devices or the web.
+
-
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Turn off Push To Install service*
-- GP name: *DisablePushToInstall*
-- GP path: *Windows Components\Push To Install*
-- GP ADMX file name: *PushToInstall.admx*
+
-
-
+## Related articles
-
-
-## Related topics
-
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md
index 13a94d8fbf..fcc3ae8253 100644
--- a/windows/client-management/mdm/policy-csp-admx-radar.md
+++ b/windows/client-management/mdm/policy-csp-admx-radar.md
@@ -1,99 +1,104 @@
---
-title: Policy CSP - ADMX_Radar
-description: Learn about Policy CSP - ADMX_Radar.
+title: ADMX_Radar Policy CSP
+description: Learn more about the ADMX_Radar Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 01/09/2023
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 12/08/2020
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_Radar
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
+
+
+
-
-## ADMX_Radar policies
+
+## WdiScenarioExecutionPolicy
-
- -
- ADMX_Radar/WdiScenarioExecutionPolicy
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_Radar/WdiScenarioExecutionPolicy
+```
+
-
+
+
+Determines the execution level for Windows Resource Exhaustion Detection and Resolution.
-
-**ADMX_Radar/WdiScenarioExecutionPolicy**
+- If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
-
+- If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS.
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+- If you do not configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default.
-
-
+This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+No system restart or service restart is required for this policy to take effect: changes take effect immediately.
-> [!div class = "checklist"]
-> * Device
+This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
-
+
+
+
-
-
-This policy determines the execution level for Windows Resource Exhaustion Detection and Resolution.
+
+**Description framework properties**:
-If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes.
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS.
+**ADMX mapping**:
-If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default.
-This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+| Name | Value |
+|:--|:--|
+| Name | WdiScenarioExecutionPolicy |
+| Friendly Name | Configure Scenario Execution Level |
+| Location | Computer Configuration |
+| Path | System > Troubleshooting and Diagnostics > Windows Resource Exhaustion Detection and Resolution |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867} |
+| Registry Value Name | ScenarioExecutionEnabled |
+| ADMX File Name | Radar.admx |
+
-No system restart or service restart is required for this policy to take effect; changes take effect immediately.
+
+
+
->[!Note]
-> This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios won't be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
-
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Configure Scenario Execution Level*
-- GP name: *WdiScenarioExecutionPolicy*
-- GP path: *System\Troubleshooting and Diagnostics\Windows Resource Exhaustion Detection and Resolution*
-- GP ADMX file name: *Radar.admx*
+
-
+## Related articles
-
-
-
-
-
-## Related topics
-
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md
index 9a1a7a7fd8..a66d9243e6 100644
--- a/windows/client-management/mdm/policy-csp-admx-soundrec.md
+++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md
@@ -1,142 +1,160 @@
---
-title: Policy CSP - ADMX_SoundRec
-description: Learn about Policy CSP - ADMX_SoundRec.
+title: ADMX_SoundRec Policy CSP
+description: Learn more about the ADMX_SoundRec Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 01/09/2023
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 12/01/2020
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_SoundRec
-
-
-
-## ADMX_SoundRec policies
-
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
- -
- ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1
-
- -
- ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2
-
-
+
+
+
+
+## Soundrec_DiableApplication_TitleText_1
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1**
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1
+```
+
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
-This policy specifies whether Sound Recorder can run.
+
+
+Specifies whether Sound Recorder can run.
Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
-If you enable this policy setting, Sound Recorder won't run.
+- If you enable this policy setting, Sound Recorder will not run.
-If you disable or don't configure this policy setting, Sound Recorder can run.
+- If you disable or do not configure this policy setting, Sound Recorder can be run.
+
-
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Do not allow Sound Recorder to run*
-- GP name: *Soundrec_DiableApplication_TitleText_1*
-- GP path: *Windows Components\Sound Recorder*
-- GP ADMX file name: *SettingSync.admx*
+
+**Description framework properties**:
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | Soundrec_DiableApplication_TitleText_1 |
+| Friendly Name | Do not allow Sound Recorder to run |
+| Location | User Configuration |
+| Path | Windows Components > Sound Recorder |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\SoundRecorder |
+| Registry Value Name | Soundrec |
+| ADMX File Name | SoundRec.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## Soundrec_DiableApplication_TitleText_2
-> [!div class = "checklist"]
-> * User
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2
+```
+
-
-
-This policy specifies whether Sound Recorder can run.
+
+
+Specifies whether Sound Recorder can run.
Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
-If you enable this policy setting, Sound Recorder won't run.
+- If you enable this policy setting, Sound Recorder will not run.
-If you disable or don't configure this policy setting, Sound Recorder can be run.
+- If you disable or do not configure this policy setting, Sound Recorder can be run.
+
-
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Do not allow Sound Recorder to run*
-- GP name: *Soundrec_DiableApplication_TitleText_2*
-- GP path: *Windows Components\Sound Recorder*
-- GP ADMX file name: *SettingSync.admx*
+
+**Description framework properties**:
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-## Related topics
+**ADMX mapping**:
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
+| Name | Value |
+|:--|:--|
+| Name | Soundrec_DiableApplication_TitleText_2 |
+| Friendly Name | Do not allow Sound Recorder to run |
+| Location | Computer Configuration |
+| Path | Windows Components > Sound Recorder |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\SoundRecorder |
+| Registry Value Name | Soundrec |
+| ADMX File Name | SoundRec.admx |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md
index d56e6b36ff..bf1efd462a 100644
--- a/windows/client-management/mdm/policy-csp-admx-srmfci.md
+++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md
@@ -1,137 +1,277 @@
---
-title: Policy CSP - ADMX_srmfci
-description: Learn about Policy CSP - ADMX_srmfci.
+title: ADMX_srmfci Policy CSP
+description: Learn more about the ADMX_srmfci Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 01/09/2023
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 09/18/2020
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_srmfci
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
+
+
+
-
-## ADMX_srmfci policies
+
+## AccessDeniedConfiguration
-
- -
- ADMX_srmfci/EnableShellAccessCheck
-
- -
- ADMX_srmfci/AccessDeniedConfiguration
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_srmfci/AccessDeniedConfiguration
+```
+
-
+
+
+This policy setting specifies the message that users see when they are denied access to a file or folder. You can customize the Access Denied message to include additional text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.
-
-**ADMX_srmfci/EnableShellAccessCheck**
+- If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied.
-
+- If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionality controlled by this policy setting, regardless of the file server configuration.
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+- If you do not configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message.
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+**Description framework properties**:
-> [!div class = "checklist"]
-> * Device
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-
-This group policy setting should be set on Windows clients to enable access-denied assistance for all file types.
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | AccessDeniedConfiguration |
+| Friendly Name | Customize message for Access Denied errors |
+| Location | Computer Configuration |
+| Path | System > Access-Denied Assistance |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied |
+| Registry Value Name | Enabled |
+| ADMX File Name | srm-fci.admx |
+
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Enable access-denied assistance on client for all file types*
-- GP name: *EnableShellAccessCheck*
-- GP path: *System\Access-Denied Assistance*
-- GP ADMX file name: *srmfci.admx*
+
-
-
-
+
+## CentralClassificationList
-
-**ADMX_srmfci/AccessDeniedConfiguration**
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_srmfci/CentralClassificationList
+```
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+This policy setting controls which set of properties is available for classifying files on affected computers.
-
-
+Administrators can define the properties for the organization by using Active Directory Domain Services (AD DS), and then group these properties into lists. Administrators can supplement these properties on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service.
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+- If you enable this policy setting, you can select which list of properties is available for classification on the affected computers.
-> [!div class = "checklist"]
-> * Device
+- If you disable or do not configure this policy setting, the Global Resource Property List in AD DS provides the default set of properties.
+
-
+
+
+
-
-
-This policy setting specifies the message that users see when they're denied access to a file or folder. You can customize the Access Denied message to include more text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.
+
+**Description framework properties**:
-If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied.
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionalities controlled by this policy setting, regardless of the file server configuration.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-If you don't configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message.
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | CentralClassificationList |
+| Friendly Name | File Classification Infrastructure: Specify classification properties list |
+| Location | Computer Configuration |
+| Path | System > File Classification Infrastructure |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\FCI |
+| ADMX File Name | srm-fci.admx |
+
-
-ADMX Info:
-- GP Friendly name: *Customize message for Access Denied errors*
-- GP name: *AccessDeniedConfiguration*
-- GP path: *System\Access-Denied Assistance*
-- GP ADMX file name: *srmfci.admx*
+
+
+
-
-
-
+
+
+## EnableManualUX
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-## Related topics
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_srmfci/EnableManualUX
+```
+
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
+
+
+This policy setting controls whether the Classification tab is displayed in the Properties dialog box in File Explorer.
+
+The Classification tab enables users to manually classify files by selecting properties from a list. Administrators can define the properties for the organization by using Group Policy, and supplement these with properties defined on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service.
+
+- If you enable this policy setting, the Classification tab is displayed.
+
+- If you disable or do not configure this policy setting, the Classification tab is hidden.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | EnableManualUX |
+| Friendly Name | File Classification Infrastructure: Display Classification tab in File Explorer |
+| Location | Computer Configuration |
+| Path | System > File Classification Infrastructure |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\FCI |
+| Registry Value Name | EnableManualUX |
+| ADMX File Name | srm-fci.admx |
+
+
+
+
+
+
+
+
+
+## EnableShellAccessCheck
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_srmfci/EnableShellAccessCheck
+```
+
+
+
+
+This Group Policy Setting should be set on Windows clients to enable access-denied assistance for all file types
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | EnableShellAccessCheck |
+| Friendly Name | Enable access-denied assistance on client for all file types |
+| Location | Computer Configuration |
+| Path | System > Access-Denied Assistance |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Explorer |
+| Registry Value Name | EnableShellExecuteFileStreamCheck |
+| ADMX File Name | srm-fci.admx |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
index 42a29e7391..302b351101 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
@@ -1,136 +1,156 @@
---
-title: Policy CSP - ADMX_WindowsColorSystem
-description: Policy CSP - ADMX_WindowsColorSystem
+title: ADMX_WindowsColorSystem Policy CSP
+description: Learn more about the ADMX_WindowsColorSystem Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 01/09/2023
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 10/27/2020
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_WindowsColorSystem
-
-
-
-## ADMX_WindowsColorSystem policies
-
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
- -
- ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_1
-
- -
- ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_2
-
-
+
+
+
+
+## ProhibitChangingInstalledProfileList_1
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-**WindowsColorSystem/ProhibitChangingInstalledProfileList_1**
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_1
+```
+
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
+
+
This policy setting affects the ability of users to install or uninstall color profiles.
- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
+
-
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Prohibit installing or uninstalling color profiles*
-- GP name: *ProhibitChangingInstalledProfileList_1*
-- GP path: *Windows Components\Windows Color System*
-- GP ADMX file name: *WindowsColorSystem.admx*
+
+**Description framework properties**:
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-**WindowsColorSystem/ProhibitChangingInstalledProfileList_2**
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+**ADMX mapping**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Name | Value |
+|:--|:--|
+| Name | ProhibitChangingInstalledProfileList_1 |
+| Friendly Name | Prohibit installing or uninstalling color profiles |
+| Location | User Configuration |
+| Path | Windows Components > Windows Color System |
+| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsColorSystem |
+| Registry Value Name | ProhibitInstallUninstall |
+| ADMX File Name | WindowsColorSystem.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * User
+
+## ProhibitChangingInstalledProfileList_2
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_2
+```
+
+
+
+
This policy setting affects the ability of users to install or uninstall color profiles.
- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
+
-
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Prohibit installing or uninstalling color profiles*
-- GP name: *ProhibitChangingInstalledProfileList_2*
-- GP path: *Windows Components\Windows Color System*
-- GP ADMX file name: *WindowsColorSystem.admx*
+
+**Description framework properties**:
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | ProhibitChangingInstalledProfileList_2 |
+| Friendly Name | Prohibit installing or uninstalling color profiles |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Color System |
+| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsColorSystem |
+| Registry Value Name | ProhibitInstallUninstall |
+| ADMX File Name | WindowsColorSystem.admx |
+
+
+
+
+
+
+
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 7cb6c243fb..cc7fc5a089 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -1,1001 +1,1145 @@
---
-title: Policy CSP - Printers
-description: Use this policy setting to control the client Point and Print behavior, including security prompts for Windows Vista computers.
+title: Printers Policy CSP
+description: Learn more about the Printers Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
-ms.topic: article
+ms.date: 01/09/2023
+ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.localizationpriority: medium
-ms.date: 09/27/2019
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - Printers
-
-
-
-
-## Printers policies
-
-
- -
- Printers/ApprovedUsbPrintDevices
-
- -
- Printers/ApprovedUsbPrintDevicesUser
-
- -
- Printers/ConfigureCopyFilesPolicy
-
- -
- Printers/ConfigureDriverValidationLevel
-
- -
- Printers/ConfigureIppPageCountsPolicy
-
- -
- Printers/ConfigureRedirectionGuardPolicy
-
- -
- Printers/ConfigureRpcConnectionPolicy
-
- -
- Printers/ConfigureRpcListenerPolicy
-
- -
- Printers/ConfigureRpcTcpPort
-
- -
- Printers/EnableDeviceControl
-
- -
- Printers/EnableDeviceControlUser
-
- -
- Printers/ManageDriverExclusionList
-
- -
- Printers/PointAndPrintRestrictions
-
- -
- Printers/PointAndPrintRestrictions_User
-
- -
- Printers/PublishPrinters
-
- -
- Printers/RestrictDriverInstallationToAdministrators
-
-
-
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
+
+
+
-
-**Printers/ApprovedUsbPrintDevices**
+
+## ApprovedUsbPrintDevices
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
-This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network.
-
-This policy will contain the comma-separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled.
-The format of this setting is `/[,/]`
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Support for new Device Control Print feature*
-- GP name: *ApprovedUsbPrintDevices*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-
-
-
-
-
-**Printers/ApprovedUsbPrintDevicesUser**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
-This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network.
-
-This policy will contain the comma separated list of approved USB Vid&Pid combinations that the print spooler will allow to print when Device Control is enabled.
-The format of this setting is `/[,/]`
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Support for new Device Control Print feature*
-- GP name: *ApprovedUsbPrintDevicesUser*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-
-
-
-**Printers/ConfigureCopyFilesPolicy**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This new Group Policy entry will be used to manage the `Software\Policies\Microsoft\Windows NT\Printers\CopyFilesPolicy` registry entry to restrict processing of the CopyFiles registry entries during printer connection installation. This registry key was added to the print system as part of the 9B security update.
-
-The default value of the policy will be Unconfigured.
-
-If the policy object is either Unconfigured or Disabled, the code will default to *SyncCopyFilestoColorFolderOnly* as the value and process the CopyFiles entries as appropriate.
-
-If the policy object is Enabled, the code will read the *DWORD* value from the registry entry and act accordingly.
-
-The following are the supported values:
-
-Type: DWORD. Defaults to 1.
-
-- 0 (DisableCopyFiles) - Don't process any CopyFiles registry entries when installing printer connections.
-- 1 (SyncCopyFilestoColorFolderOnly) - Only allow CopyFiles entries that conform to the standard Color Profile scheme. This means entries using the Registry Key CopyFiles\ICM, containing a Directory value of COLOR and supporting mscms.dll as the Module value.
-- 2 (AllowCopyFile) - Allow any CopyFiles registry entries to be processed/created when installing printer connections.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Manage processing of Queue-specific files*
-- GP name: *ConfigureCopyFilesPolicy*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-
-
-
-**Printers/ConfigureDriverValidationLevel**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-
-This new Group Policy entry will be used to manage the `Software\Policies\Microsoft\Windows NT\Printers\Driver\ValidationLevel` registry entry to determine the print driver digital signatures. This registry key was added to the print system as part of the 10C security update.
-
-The default value of the policy will be Unconfigured.
-
-If the policy object is either Unconfigured or Disabled, the code will default to *DriverValidationLevel_Legacy* as the value and process the print driver digital signatures as appropriate.
-
-If the policy object is Enabled, the code will read the *DWORD* value from the registry entry and act accordingly.
-
-The following are the supported values:
-
-Type: DWORD. Defaults to 4.
-
-- 0 (DriverValidationLevel_Inbox) - Only drivers that are shipped as part of a Windows image are allowed on this computer.
-- 1 (DriverValidationLevel_Trusted) - Only drivers that are shipped as part of a Windows image or drivers that are signed by certificates installed in the 'PrintDrivers' certificate store are allowed on this computer.
-- 2 (DriverValidationLevel_WHQL)- Only drivers allowed on this computer are those that are: shipped as part of a Windows image, signed by certificates installed in the 'PrintDrivers' certificate store, or signed by the Windows Hardware Quality Lab (WHQL).
-- 3 (DriverValidationLevel_TrustedShared) - Only drivers allowed on this computer are those that are: shipped as part of a Windows image, signed by certificates installed in the 'PrintDrivers' certificate store, signed by the Windows Hardware Quality Lab (WHQL), or signed by certificates installed in the 'Trusted Publishers' certificate store.
-- 4 (DriverValidationLevel_Legacy) - Any print driver that has a valid embedded signature or can be validated against the print driver catalog can be installed on this computer.
-
-
-
-ADMX Info:
-- GP Friendly name: *Manage Print Driver signature validation*
-- GP name: *ConfigureDriverValidationLevel*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-
-
-
-**Printers/ConfigureIppPageCountsPolicy**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-
-This new Group Policy entry will be used to manage the `Software\Policies\Microsoft\Windows NT\Printers\IPP\AlwaysSendIppPageCounts`registry entry to allow administrators to configure setting for the IPP print stack.
-
-The default value of the policy will be Unconfigured.
-
-If the policy object is either Unconfigured or Disabled, the code will default to sending page count job accounting information for IPP print jobs only when necessary.
-
-If the policy object is Enabled, the code will always send page count job accounting information for IPP print jobs.
-
-The following are the supported values:
-
-AlwaysSendIppPageCounts: DWORD. Defaults to 0.
-
-- 0 (Disabled) - Job accounting information will not always be sent for IPP print jobs **(default)**.
-- 1 (Enabled) - Job accounting information will always be sent for IPP print jobs.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Always send job page count information for IPP printers*
-- GP name: *ConfigureIppPageCountsPolicy*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-
-
-
-**Printers/ConfigureRedirectionGuardPolicy**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-
-This new Group Policy entry will be used to manage the `Software\Policies\Microsoft\Windows NT\Printers\ConfigureRedirectionGuard` registry entry, which in turn is used to control the functionality of the Redirection Guard feature in the spooler process.
-
-The default value of the policy will be Unconfigured.
-
-If the policy object is either Unconfigured or Disabled, the code will default to 1 (enabled) as the value and will prevent redirection primitives in the spooler from being used.
-
-If the policy object is Enabled, the code will read the *DWORD* value from the registry entry and act accordingly.
-
-The following are the supported values:
-
-Type: DWORD, defaults to 1.
-
-- 0 (Redirection Guard Disabled) - Redirection Guard is not enabled for the spooler process and will not prevent the use of redirection primitives within said process.
-- 1 (Redirection Guard Enabled) - Redirection Guard is enabled for the spooler process and will prevent the use of redirection primitives from being used.
-- 2 (Redirection Guard Audit Mode) - Redirection Guard will be disabled but will log telemetry events as though it were enabled.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure Redirection Guard*
-- GP name: *ConfigureRedirectionGuardPolicy*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-
-
-
-**Printers/ConfigureRpcConnectionPolicy**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-
-This new Group Policy entry will be used to manage 2 new DWORD Values added under the `Software\Policies\Microsoft\Windows NT\Printers\RPC` registry key to allow administrators to configure RPC security settings used by RPC connections in the print stack.
-
-There are 2 values which can be configured:
-
-- RpcUseNamedPipeProtocol DWORD
- - 0: RpcOverTcp (default)
- - 1: RpcOverNamedPipes
-- RpcAuthentication DWORD
- - 0: RpcConnectionAuthenticationDefault (default)
- - 1: RpcConnectionAuthenticationEnabled
- - 2: RpcConnectionAuthenticationDisabled
-
-The default value of the policy will be Unconfigured.
-
-If the policy object is either Unconfigured or Disabled, the code will default to *RpcOverTcp*, and RPC authentication enabled on domain joined machines and RPC authentication disabled on non domain joined machines.
-
-If the policy object is Enabled, the code will read the DWORD values from the registry entries and act accordingly.
-
-The following are the supported values:
-
-- Not configured or Disabled - The print stack makes RPC connections over TCP and enables RPC authentication on domain joined machines, but disables RPC authentication on non domain joined machines.
-- Enabled - The print stack reads from the registry to determine RPC protocols to connect on and whether to perform RPC authentication.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure RPC connection settings*
-- GP name: *ConfigureRpcConnectionPolicy*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-
-
-
-**Printers/ConfigureRpcListenerPolicy**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-
-This new Group Policy entry will be used to manage 2 new DWORD Values added under the `Software\Policies\Microsoft\Windows NT\Printers\RPC` registry key to allow administrators to configure RPC security settings used by RPC listeners in the print stack.
-
-There are 2 values which can be configured:
-- RpcProtocols DWORD
- - 3: RpcOverNamedPipes - Only listen for incoming RPC connections using named pipes
- - 5: RpcOverTcp - Only listen for incoming RPC connections using TCP (default)
- - 7: RpcOverNamedPipesAndTcp - Listen for both RPC connections over named pipes over TCP
-- ForceKerberosForRpc DWORD
- - 0: RpcAuthenticationProtocol_Negotiate - Use Negotiate protocol for RPC connection authentication (default). Negotiate negotiates between Kerberos and NTLM depending on client/server support
- - 1: RpcAuthenticationProtocol_Kerberos - Only allow Kerberos protocol to be used for RPC authentication
-
-The default value of the policy will be Unconfigured.
-
-If the policy object is either Unconfigured or Disabled, the code will default to *RpcOverTcp* and *RpcAuthenticationProtocol_Negotiate*.
-
-If the policy object is Enabled, the code will read the DWORD values from the registry entry and act accordingly.
-
-The following are the supported values:
-
-- Not configured or Disabled - The print stack listens for incoming RPC connections over TCP and uses Negotiate authentication protocol.
-- Enabled - The print stack reads from the registry to determine RPC protocols to listen on and authentication protocol to use.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure RPC listener settings*
-- GP name: *ConfigureRpcListenerPolicy*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-
-
-
-**Printers/ConfigureRpcTcpPort**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-
-This new Group Policy entry will be used to manage a new DWORD Value added under the the `Software\Policies\Microsoft\Windows NT\Printers\RPC` registry key to allow administrators to configure RPC security settings used by RPC listeners and connections in the print stack.
-
-- RpcTcpPort DWORD
- - 0: Use dynamic TCP ports for RPC over TCP (default).
- - 1-65535: Use the given port for RPC over TCP.
-
-The default value of the policy will be Unconfigured.
-
-If the policy object is either Unconfigured or Disabled, the code will default to dynamic ports for *RpcOverTcp*.
-
-If the policy object is Enabled, the code will read the DWORD values from the registry entry and act accordingly.
-
-The following are the supported values:
-
-- Not configured or Disabled - The print stack uses dynamic TCP ports for RPC over TCP.
-- Enabled - The print stack reads from the registry to determine which TCP port to use for RPC over TCP.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Configure RPC over TCP port*
-- GP name: *ConfigureRpcTcpPort*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-
-
-
-**Printers/EnableDeviceControl**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
-This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network.
-
-This policy will control whether the print spooler will attempt to restrict printing as part of Device Control.
-
-The default value of the policy will be Unconfigured.
-
-If the policy value is either Unconfigured or Disabled, the print spooler won't restrict printing.
-
-If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Support for new Device Control Print feature*
-- GP name: *EnableDeviceControl*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-
-
-
-
-
-**Printers/EnableDeviceControlUser**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
-This policy implements the print portion of the Device Control requirements.
-These requirements include restricting printing to USB connected printers that match a list of approved USB Vid/Pid combinations or to corporate connected printers, while either directly connected to the corporate network or when using a VPN connection to the corporate network.
-
-This policy will control whether the print spooler will attempt to restrict printing as part of Device Control.
-
-The default value of the policy will be Unconfigured.
-
-If the policy value is either Unconfigured or Disabled, the print spooler won't restrict printing.
-
-If the policy value is Enabled, the print spooler will restrict local printing to USB devices in the Approved Device list.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Support for new Device Control Print feature*
-- GP name: *EnableDeviceControlUser*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-
-
-
-
-**Printers/ManageDriverExclusionList**
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-
-This new Group Policy entry will be used to manage the `Software\Policies\Microsoft\Windows NT\Printers\Driver\ExclusionList` registry key to allow administrators to curate a set of print drivers that are not allowed to be installed on the computer. This registry key was added to the print system as part of the 10C security update.
-
-The default value of the policy will be Unconfigured.
-
-If the policy object is either Unconfigured or Disabled, the registry Key will not exist and there will not be a Print Driver exclusion list.
-
-If the policy object is Enabled, the ExclusionList Reg Key will contain one or more *REG_ZS* values that represent the list of excluded print driver INF or main DLL files. Tach *REG_SZ* value will have the file hash as the name and the file name as the data value.
-
-The following are the supported values:
-
-Create REG_SZ Values under key `Software\Policies\Microsoft\Windows NT\Printers\Driver\ExclusionList`
-
-Type: REG_SZ
-Value Name: Hash of excluded file
-Value Data: Name of excluded file
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Manage Print Driver exclusion list*
-- GP name: *ManageDriverExclusionList*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-
-
-
-**Printers/PointAndPrintRestrictions**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
-
-If you enable this policy setting:
-
-- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver isn't available on the client, no connection will be made.
-
-- You can configure Windows Vista clients so that security warnings and elevated command prompts don't appear when users Point and Print, or when printer connection drivers need to be updated.
-
-If you don't configure this policy setting:
-
-- Windows Vista client computers can point and print to any server.
-
-- Windows Vista computers will show a warning and an elevated command prompt, when users create a printer connection to any server using Point and Print.
-
-- Windows Vista computers will show a warning and an elevated command prompt, when an existing printer connection driver needs to be updated.
-
-- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
-
-If you disable this policy setting:
-
-- Windows Vista client computers can create a printer connection to any server using Point and Print.
-
-- Windows Vista computers won't show a warning or an elevated command prompt, when users create a printer connection to any server using Point and Print.
-
-- Windows Vista computers won't show a warning or an elevated command prompt, when an existing printer connection driver needs to be updated.
-
-- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
-
-- The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Point and Print Restrictions*
-- GP name: *PointAndPrint_Restrictions_Win7*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
-
-
-
-Example:
-
-```xml
-Name: Point and Print Enable Oma-URI: ./Device/Vendor/MSFT/Policy/Config/Printers/PointAndPrintRestrictions
-Data type: String Value:
-
-
-
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/ApprovedUsbPrintDevices
```
-
-
+
-
+
+
+This setting is a component of the Device Control Printing Restrictions. To use this setting, enable Device Control Printing by enabling the "Enable Device Control Printing Restrictions" setting.
-
-**Printers/PointAndPrintRestrictions_User**
+When Device Control Printing is enabled, the system uses the specified list of vid/pid values to determine if the current USB connected printer is approved for local printing.
-
+Type all the approved vid/pid combinations (separated by commas) that correspond to approved USB printer models. When a user tries to print to a USB printer queue the device vid/pid will be compared to the approved list.
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+The format of this setting is `/[,/]`.
+
-
-
+
+**Description framework properties**:
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-> [!div class = "checklist"]
-> * User
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+**ADMX mapping**:
-
-
+| Name | Value |
+|:--|:--|
+| Name | ApprovedUsbPrintDevices |
+| Friendly Name | List of Approved USB-connected print devices |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
+
+## ApprovedUsbPrintDevicesUser
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/Printers/ApprovedUsbPrintDevicesUser
+```
+
+
+
+
+This setting is a component of the Device Control Printing Restrictions. To use this setting, enable Device Control Printing by enabling the "Enable Device Control Printing Restrictions" setting.
+
+When Device Control Printing is enabled, the system uses the specified list of vid/pid values to determine if the current USB connected printer is approved for local printing.
+
+Type all the approved vid/pid combinations (separated by commas) that correspond to approved USB printer models. When a user tries to print to a USB printer queue the device vid/pid will be compared to the approved list.
+
+
+
+
+The format of this setting is `/[,/]`.
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ApprovedUsbPrintDevicesUser |
+| Friendly Name | List of Approved USB-connected print devices |
+| Location | User Configuration |
+| Path | Control Panel > Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
+
+## ConfigureCopyFilesPolicy
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/ConfigureCopyFilesPolicy
+```
+
+
+
+
+Manages how Queue-specific files are processed during printer installation. At printer installation time, a vendor-supplied installation application can specify a set of files, of any type, to be associated with a particular print queue. The files are downloaded to each client that connects to the print server.
+
+You can enable this setting to change the default behavior involving queue-specific files. To use this setting, select one of the options below from the "Manage processing of Queue-specific files" box.
+
+- If you disable or do not configure this policy setting, the default behavior is "Limit Queue-specific files to Color profiles".
+
+- "Do not allow Queue-specific files" specifies that no queue-specific files will be allowed/processed during print queue/printer connection installation.
+
+- "Limit Queue-specific files to Color profiles" specifies that only queue-specific files that adhere to the standard color profile scheme will be allowed. This means entries using the Registry Key CopyFiles\ICM, containing a Directory value of COLOR and supporting mscms.dll as the Module value. "Limit Queue-specific files to Color profiles" is the default behavior.
+
+- "Allow all Queue-specific files" specifies that all queue-specific files will be allowed/processed during print queue/printer connection installation.
+
+
+
+
+The following are the supported values:
+
+- 0: Do not allow Queue-specific files.
+- 1 (Default): Limit Queue-specific files to Color profiles.
+- 2: Allow all Queue-specific files.
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ConfigureCopyFilesPolicy |
+| Friendly Name | Manage processing of Queue-specific files |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
+
+## ConfigureDriverValidationLevel
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/ConfigureDriverValidationLevel
+```
+
+
+
+
+This policy setting controls the print driver signature validation mechanism. This policy controls the type of digital signature that is required for a print driver to be considered valid and installed on the system.
+
+As part of this validation the catalog/embedded signature is verified and all files in the driver must be a part of the catalog or have their own embedded signature that can be used for validation.
+
+You can enable this setting to change the default signature validation method. To use this setting, select one of the options below from the "Select the driver signature mechanism for this computer" box.
+
+- If you disable or do not configure this policy setting, the default method is "Allow all validly signed drivers".
+
+- "Require inbox signed drivers" specifies only drivers that are shipped as part of a Windows image are allowed on this computer.
+
+- "Allow inbox and PrintDrivers Trusted Store signed drivers" specifies only drivers that are shipped as part of a Windows image or drivers that are signed by certificates installed in the 'PrintDrivers' certificate store are allowed on this computer.
+
+- "Allow inbox, PrintDrivers Trusted Store, and WHQL signed drivers" specifies the only drivers allowed on this computer are those that are: shipped as part of a Windows image, signed by certificates installed in the 'PrintDrivers' certificate store, or signed by the Windows Hardware Quality Lab (WHQL).
+
+- "Allow inbox, PrintDrivers Trusted Store, WHQL, and Trusted Publishers Store signed drivers" specifies the only drivers allowed on this computer are those that are: shipped as part of a Windows image, signed by certificates installed in the 'PrintDrivers' certificate store, signed by the Windows Hardware Quality Lab (WHQL), or signed by certificates installed in the 'Trusted Publishers' certificate store.
+
+- "Allow all validly signed drivers" specifies that any print driver that has a valid embedded signature or can be validated against the print driver catalog can be installed on this computer.
+
+The 'PrintDrivers' certificate store needs to be created by an administrator under the local machine store location.
+
+The 'Trusted Publishers' certificate store can contain certificates from sources that are not related to print drivers.
+
+
+
+
+The following are the supported values:
+
+- 0: Require inbox signed drivers.
+- 1: Allow inbox and PrintDrivers Trusted Store signed drivers.
+- 2: Allow inbox, PrintDrivers Trusted Store, and WHQL signed drivers.
+- 3: Allow inbox, PrintDrivers Trusted Store, WHQL, and Trusted Publishers Store signed drivers.
+- 4 (Default): Allow all validly signed drivers.
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ConfigureDriverValidationLevel |
+| Friendly Name | Manage Print Driver signature validation |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\Driver |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
+
+## ConfigureIppPageCountsPolicy
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/ConfigureIppPageCountsPolicy
+```
+
+
+
+
+Determines whether to always send page count information for accounting purposes for printers using the Microsoft IPP Class Driver.
+
+By default, pages are sent to the printer as soon as they are rendered and page count information is not sent to the printer unless pages must be reordered.
+
+- If you enable this setting the system will render all print job pages up front and send the printer the total page count for the print job.
+
+- If you disable this setting or do not configure it, pages are printed as soon as they are rendered and page counts are only sent when page reordering is required to process the job.
+
+
+
+
+The following are the supported values:
+
+- 0 (Default): Disabled.
+- 1: Enabled.
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ConfigureIppPageCountsPolicy |
+| Friendly Name | Always send job page count information for IPP printers |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\IPP |
+| Registry Value Name | AlwaysSendIppPageCounts |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
+
+## ConfigureRedirectionGuardPolicy
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/ConfigureRedirectionGuardPolicy
+```
+
+
+
+
+Determines whether Redirection Guard is enabled for the print spooler.
+
+You can enable this setting to configure the Redirection Guard policy being applied to spooler.
+
+- If you disable or do not configure this policy setting, Redirection Guard will default to being 'enabled'.
+
+- If you enable this setting you may select the following options:
+
+- Enabled : Redirection Guard will prevent any file redirections from being followed
+
+- Disabled : Redirection Guard will not be enabled and file redirections may be used within the spooler process
+
+- Audit : Redirection Guard will log events as though it were enabled but will not actually prevent file redirections from being used within the spooler.
+
+
+
+
+The following are the supported values:
+
+- 0: Redirection guard disabled.
+- 1 (Default): Redirection guard enabled.
+- 2: Redirection guard audit mode.
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ConfigureRedirectionGuardPolicy |
+| Friendly Name | Configure Redirection Guard |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
+
+## ConfigureRpcAuthnLevelPrivacyEnabled
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/ConfigureRpcAuthnLevelPrivacyEnabled
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+
+
+
+
+
+
+
+
+
+
+## ConfigureRpcConnectionPolicy
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/ConfigureRpcConnectionPolicy
+```
+
+
+
+
+This policy setting controls which protocol and protocol settings to use for outgoing RPC connections to a remote print spooler.
+
+By default, RPC over TCP is used and authentication is always enabled. For RPC over named pipes, authentication is always enabled for domain joined machines but disabled for non domain joined machines.
+
+Protocol to use for outgoing RPC connections:
+- "RPC over TCP": Use RPC over TCP for outgoing RPC connections to a remote print spooler
+- "RPC over named pipes": Use RPC over named pipes for outgoing RPC connections to a remote print spooler
+
+Use authentication for outgoing RPC over named pipes connections:
+- "Default": By default domain joined computers enable RPC authentication for RPC over named pipes while non domain joined computers disable RPC authentication for RPC over named pipes
+- "Authentication enabled": RPC authentication will be used for outgoing RPC over named pipes connections
+- "Authentication disabled": RPC authentication will not be used for outgoing RPC over named pipes connections
+
+- If you disable or do not configure this policy setting, the above defaults will be used.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ConfigureRpcConnectionPolicy |
+| Friendly Name | Configure RPC connection settings |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\RPC |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
+
+## ConfigureRpcListenerPolicy
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/ConfigureRpcListenerPolicy
+```
+
+
+
+
+This policy setting controls which protocols incoming RPC connections to the print spooler are allowed to use.
+
+By default, RPC over TCP is enabled and Negotiate is used for the authentication protocol.
+
+Protocols to allow for incoming RPC connections:
+- "RPC over named pipes": Incoming RPC connections are only allowed over named pipes
+- "RPC over TCP": Incoming RPC connections are only allowed over TCP (the default option)
+- "RPC over named pipes and TCP": Incoming RPC connections will be allowed over TCP and named pipes
+
+Authentication protocol to use for incoming RPC connections:
+- "Negotiate": Use the Negotiate authentication protocol (the default option)
+- "Kerberos": Use the Kerberos authentication protocol
+
+- If you disable or do not configure this policy setting, the above defaults will be used.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ConfigureRpcListenerPolicy |
+| Friendly Name | Configure RPC listener settings |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\RPC |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
+
+## ConfigureRpcTcpPort
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/ConfigureRpcTcpPort
+```
+
+
+
+
+This policy setting controls which port is used for RPC over TCP for incoming connections to the print spooler and outgoing connections to remote print spoolers.
+
+By default dynamic TCP ports are used.
+
+RPC over TCP port:
+- The port to use for RPC over TCP. A value of 0 is the default and indicates that dynamic TCP ports will be used
+
+- If you disable or do not configure this policy setting, dynamic TCP ports are used.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ConfigureRpcTcpPort |
+| Friendly Name | Configure RPC over TCP port |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\RPC |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
+
+## EnableDeviceControl
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/EnableDeviceControl
+```
+
+
+
+
+Determines whether Device Control Printing Restrictions are enforced for printing on this computer.
+
+By default, there are no restrictions to printing based on connection type or printer Make/Model.
+
+- If you enable this setting, the computer will restrict printing to printer connections on the corporate network or approved USB-connected printers.
+
+- If you disable this setting or do not configure it, there are no restrictions to printing based on connection type or printer Make/Model.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | EnableDeviceControl |
+| Friendly Name | Enable Device Control Printing Restrictions |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers |
+| Registry Value Name | EnableDeviceControl |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
+
+## EnableDeviceControlUser
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/Printers/EnableDeviceControlUser
+```
+
+
+
+
+Determines whether Device Control Printing Restrictions are enforced for printing on this computer.
+
+By default, there are no restrictions to printing based on connection type or printer Make/Model.
+
+- If you enable this setting, the computer will restrict printing to printer connections on the corporate network or approved USB-connected printers.
+
+- If you disable this setting or do not configure it, there are no restrictions to printing based on connection type or printer Make/Model.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | EnableDeviceControlUser |
+| Friendly Name | Enable Device Control Printing Restrictions |
+| Location | User Configuration |
+| Path | Control Panel > Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers |
+| Registry Value Name | EnableDeviceControl |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
+
+## ManageDriverExclusionList
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/ManageDriverExclusionList
+```
+
+
+
+
+This policy setting controls the print driver exclusion list. The exclusion list allows an administrator to curate a list of printer drivers that are not allowed to be installed on the system.
+
+This checks outranks the signature check and allows drivers that have a valid signature level for the Print Driver signature validation policy to be excluded.
+
+Entries in the exclusion list consist of a SHA256 hash (or SHA1 hash for Win7) of the INF file and/or main driver DLL file of the driver and the name of the file.
+
+- If you disable or do not configure this policy setting, the registry key and values associated with this policy setting will be deleted, if currently set to a value.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ManageDriverExclusionList |
+| Friendly Name | Manage Print Driver exclusion list |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\Driver |
+| ADMX File Name | Printing.admx |
+
+
+
+
+
+
+
+
+
+## PointAndPrintRestrictions
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/PointAndPrintRestrictions
+```
+
+
+
+
This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
-If you enable this policy setting:
+- If you enable this policy setting:
+-Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
+-You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
-- Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver isn't available on the client, no connection will be made.
+- If you do not configure this policy setting:
+-Windows Vista client computers can point and print to any server.
+-Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
+-Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
+-Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
-- You can configure Windows Vista clients so that security warnings and elevated command prompts don't appear when users Point and Print, or when printer connection drivers need to be updated.
+- If you disable this policy setting:
+-Windows Vista client computers can create a printer connection to any server using Point and Print.
+-Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+-Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+-Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
+-The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
+
-If you don't configure this policy setting:
+
+
+
-- Windows Vista client computers can point and print to any server.
+
+**Description framework properties**:
-- Windows Vista computers will show a warning and an elevated command prompt, when users create a printer connection to any server using Point and Print.
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-- Windows Vista computers will show a warning and an elevated command prompt, when an existing printer connection driver needs to be updated.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-- Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
+**ADMX mapping**:
-If you disable this policy setting:
+| Name | Value |
+|:--|:--|
+| Name | PointAndPrint_Restrictions_Win7 |
+| Friendly Name | Point and Print Restrictions |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint |
+| Registry Value Name | Restricted |
+| ADMX File Name | Printing.admx |
+
-- Windows Vista client computers can create a printer connection to any server using Point and Print.
+
+
+
-- Windows Vista computers won't show a warning or an elevated command prompt, when users create a printer connection to any server using Point and Print.
+
-- Windows Vista computers won't show a warning or an elevated command prompt, when an existing printer connection driver needs to be updated.
+
+## PointAndPrintRestrictions_User
-- Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
+
-- The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
+
+```User
+./User/Vendor/MSFT/Policy/Config/Printers/PointAndPrintRestrictions_User
+```
+
-
-
-ADMX Info:
-- GP Friendly name: *Point and Print Restrictions*
-- GP name: *PointAndPrint_Restrictions*
-- GP path: *Control Panel/Printers*
-- GP ADMX file name: *Printing.admx*
+
+
+This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
-
-
+- If you enable this policy setting:
+-Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
+-You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
-
+- If you do not configure this policy setting:
+-Windows Vista client computers can point and print to any server.
+-Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
+-Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
+-Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
-
-**Printers/PublishPrinters**
+- If you disable this policy setting:
+-Windows Vista client computers can create a printer connection to any server using Point and Print.
+-Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+-Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+-Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
+-The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+**Description framework properties**:
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> [!div class = "checklist"]
-> * Device
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | PointAndPrint_Restrictions |
+| Friendly Name | Point and Print Restrictions |
+| Location | User Configuration |
+| Path | Control Panel > Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint |
+| Registry Value Name | Restricted |
+| ADMX File Name | Printing.admx |
+
-
-
+
+
+
+
+
+
+
+## PublishPrinters
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/PublishPrinters
+```
+
+
+
+
Determines whether the computer's shared printers can be published in Active Directory.
-If you enable this setting or don't configure it, users can use the "List in directory" option in the Printer's Properties' on the Sharing tab, to publish shared printers in Active Directory.
+- If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory.
-If you disable this setting, this computer's shared printers can't be published in Active Directory, and the "List in directory" option isn't available.
+- If you disable this setting, this computer's shared printers cannot be published in Active Directory, and the "List in directory" option is not available.
> [!NOTE]
-> This setting takes priority over the setting "Automatically publish new printers in the Active Directory".
+> This settings takes priority over the setting "Automatically publish new printers in the Active Directory".
+
-
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Allow printers to be published*
-- GP name: *PublishPrinters*
-- GP path: *Printers*
-- GP ADMX file name: *Printing2.admx*
+
+**Description framework properties**:
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-**Printers/RestrictDriverInstallationToAdministrators**
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+**ADMX mapping**:
-
-
+| Name | Value |
+|:--|:--|
+| Name | PublishPrinters |
+| Friendly Name | Allow printers to be published |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers |
+| Registry Value Name | PublishPrinters |
+| ADMX File Name | Printing2.admx |
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+
+
-> [!div class = "checklist"]
-> * Device
+
-
+
+## RestrictDriverInstallationToAdministrators
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+
-This new Group Policy entry will be used to manage the `Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint\RestrictDriverInstallationToAdministrators` registry entry for restricting print driver installation to Administrator users.
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Printers/RestrictDriverInstallationToAdministrators
+```
+
-This registry key was added to the print system as part of the 7OOB security update and use of this registry key was expanded as part of the 8B security rollup.
+
+
+Determines whether users that aren't Administrators can install print drivers on this computer.
-The default value of the policy will be Unconfigured.
+By default, users that aren't Administrators can't install print drivers on this computer.
-If the policy value is either Unconfigured or Enabled, only Administrators or members of an Administrator security group (Administrators, Domain Administrators, Enterprise Administrators) will be allowed to install print drivers on the computer.
+- If you enable this setting or do not configure it, the system will limit installation of print drivers to Administrators of this computer.
-If the policy value is Disabled, standard users will also be allowed to install print drivers on the computer.
+- If you disable this setting, the system won't limit installation of print drivers to this computer.
+
-The following are the supported values:
+
+
+
-- Not configured or Enabled - Only administrators can install print drivers on the computer.
-- Disabled - Standard users are allowed to install print drivers on the computer.
+
+**Description framework properties**:
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-ADMX Info:
-- GP Friendly name: *Restrict installation of print drivers to Administrators*
-- GP name: *RestrictDriverInstallationToAdministrators*
-- GP path: *Printers*
-- GP ADMX file name: *Printing.admx*
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | RestrictDriverInstallationToAdministrators |
+| Friendly Name | Limits print driver installation to Administrators |
+| Location | Computer Configuration |
+| Path | Printers |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint |
+| Registry Value Name | RestrictDriverInstallationToAdministrators |
+| ADMX File Name | Printing.admx |
+
-
+
+
+
-## Related topics
+
-[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)