deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 05:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into Ashok-Lobo-5634470

Browse Source
This commit is contained in:
Ashok Lobo 2021-12-13 15:32:40 +05:30 committed by GitHub
commit c403ad3c29
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 393 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -8359,6 +8359,12 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
<dd>
<a href="./policy-csp-system.md#system-feedbackhubalwayssavediagnosticslocally" id="system-feedbackhubalwayssavediagnosticslocally">System/FeedbackHubAlwaysSaveDiagnosticsLocally</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-limitdiagnosticlogcollection" id="system-limitdiagnosticlogcollection">System/LimitDiagnosticLogCollection</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-limitdumpcollection" id="system-limitdumpcollection">System/LimitDumpCollection</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-limitenhanceddiagnosticdatawindowsanalytics" id="system-limitenhanceddiagnosticdatawindowsanalytics">System/LimitEnhancedDiagnosticDataWindowsAnalytics</a>
</dd>
@ -8448,6 +8454,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
<dd>
<a href="./policy-csp-textinput.md#textinput-allowlinguisticdatacollection" id="textinput-allowlinguisticdatacollection">TextInput/AllowLinguisticDataCollection</a>
</dd>
<dd>
<a href="./policy-csp-textinput.md#textinput-allowtextinputsuggestionupdate"id="textinput-allowtextinputsuggestionupdate">TextInput/AllowTextInputSuggestionUpdate</a>
</dd>
<dd>
<a href="./policy-csp-textinput.md#textinput-configurejapaneseimeversion"id="textinput-configurejapaneseimeversion">TextInput/ConfigureJapaneseIMEVersion</a>
</dd>
@ -8498,9 +8507,18 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
### TimeLanguageSettings policies
<dl>
<dd>
<a href="./policy-csp-timelanguagesettings.md#timelanguagesettings-blockcleanupofunusedpreinstalledlangpacks" id="timelanguagesettings-blockcleanupofunusedpreinstalledlangpacks">TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks</a>
</dd>
<dd>
<a href="./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone" id="timelanguagesettings-configuretimezone">TimeLanguageSettings/ConfigureTimeZone</a>
</dd>
<dd>
<a href="./policy-csp-timelanguagesettings.md#timelanguagesettings-machineuilanguageoverwrite" id="timelanguagesettings-machineuilanguageoverwrite">TimeLanguageSettings/MachineUILanguageOverwrite</a>
</dd>
<dd>
<a href="./policy-csp-timelanguagesettings.md#timelanguagesettings-restrictlanguagepacksandfeaturesinstall" id="timelanguagesettings-restrictlanguagepacksandfeaturesinstall">TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall</a>
</dd>
</dl>
### Troubleshooting policies
@ -8980,6 +8998,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
<dd>
<a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowmdnsdiscovery" id="wirelessdisplay-allowmdnsdiscovery">WirelessDisplay/AllowMdnsDiscovery</a>
</dd>
<dd>
<a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowmovementdetectiononinfrastructure" id="wirelessdisplay-allowmovementdetectiononinfrastructure">WirelessDisplay/AllowMovementDetectionOnInfrastructure</a>
</dd>
<dd>
<a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectionfrompc" id="wirelessdisplay-allowprojectionfrompc">WirelessDisplay/AllowProjectionFromPC</a>
</dd>

105
windows/client-management/mdm/policy-csp-system.md
View File

@ -94,6 +94,12 @@ manager: dansimp
<dd>
<a href="#system-feedbackhubalwayssavediagnosticslocally">System/FeedbackHubAlwaysSaveDiagnosticsLocally</a>
</dd>
<dd>
<a href="#system-limitdiagnosticlogcollection">System/LimitDiagnosticLogCollection</a>
</dd>
<dd>
<a href="#system-limitdumpcollection">System/LimitDumpCollection</a>
</dd>
<dd>
<a href="#system-limitenhanceddiagnosticdatawindowsanalytics">System/LimitEnhancedDiagnosticDataWindowsAnalytics</a>
</dd>
@ -1295,6 +1301,105 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="system-limitdiagnosticlogcollection"></a>**System/LimitDiagnosticLogCollection**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It is sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for additional data collection.
If you disable or do not configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP Friendly name: *Limit Diagnostic Log Collection*
- GP name: *LimitDiagnosticLogCollection*
- GP path: *Data Collection and Preview Builds*
- GP ADMX file name: *DataCollection.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 Disabled
- 1 Enabled
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="system-limitdumpcollection"></a>**System/LimitDumpCollection**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps are not sent unless we have permission to collect optional diagnostic data.
By enabling this policy setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only.
If you disable or do not configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP Friendly name: *Limit Dump Collection*
- GP name: *LimitDumpCollection*
- GP path: *Data Collection and Preview Builds*
- GP ADMX file name: *DataCollection.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 Disabled
- 1 Enabled
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="system-limitenhanceddiagnosticdatawindowsanalytics"></a>**System/LimitEnhancedDiagnosticDataWindowsAnalytics**

48
windows/client-management/mdm/policy-csp-textinput.md
View File

@ -58,6 +58,9 @@ manager: dansimp
<dd>
<a href="#textinput-allowlinguisticdatacollection">TextInput/AllowLinguisticDataCollection</a>
</dd>
<dd>
<a href="#textinput-allowtextinputsuggestionupdate">TextInput/AllowTextInputSuggestionUpdate</a>
</dd>
<dd>
<a href="#textinput-configurejapaneseimeversion">TextInput/ConfigureJapaneseIMEVersion</a>
</dd>
@ -616,6 +619,51 @@ This setting supports a range of values between 0 and 1.
<hr/>
<!--Policy-->
<a href="" id="textinput-allowtextinputsuggestionupdate"></a>**TextInput/AllowTextInputSuggestionUpdate**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Allows the user to turn on or off the automatic downloading of newer versions of the Expressive Input UI.
When downloading is not allowed the Expressive Input panel will always display the initial UI included with the base Windows image.
Most restricted value is 0.
Default: Enabled
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
- 1 (Enabled) - The newer UX is downloaded from Microsoft service.
- 0 (Disabled) - The UX remains unchanged with what the operating system installs.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="textinput-configurejapaneseimeversion"></a>**TextInput/ConfigureJapaneseIMEVersion**

161
windows/client-management/mdm/policy-csp-timelanguagesettings.md
View File

@ -22,12 +22,75 @@ manager: dansimp
## TimeLanguageSettings policies
<dl>
<dd>
<a href="#timelanguagesettings-blockcleanupofunusedpreinstalledlangpacks">TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks</a>
</dd>
<dd>
<a href="#timelanguagesettings-configuretimezone">TimeLanguageSettings/ConfigureTimeZone</a>
</dd>
<dd>
<a href="#timelanguagesettings-machineuilanguageoverwrite">TimeLanguageSettings/MachineUILanguageOverwrite</a>
</dd>
<dd>
<a href="#timelanguagesettings-restrictlanguagepacksandfeaturesinstall">TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="timelanguagesettings-blockcleanupofunusedpreinstalledlangpacks"></a>**TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting controls whether the maintenance task will run to clean up language packs installed on a machine but are not used by any users on that machine.
If you enable this policy setting (value 1), language packs that are installed as part of the system image will remain installed even if they are not used by any user on that system.
If you disable (value 0) or do not configure this policy setting, language packs that are installed as part of the system image but are not used by any user on that system will be removed as part of a scheduled clean up task.
<!--/Description-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--ADMXMapped-->
ADMX Info:
- GP Friendly name: *Block cleanup of unused language packs*
- GP name: *BlockCleanupOfUnusedPreinstalledLangPacks*
- GP path: *Computer Configuration/Administrative Templates/Control Panel/Regional and Language Options*
- GP ADMX file name: *Globalization.admx*
<!--/ADMXMapped-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
@ -74,5 +137,103 @@ Specifies the time zone to be applied to the device. This is the standard Window
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="timelanguagesettings-machineuilanguageoverwrite"></a>**TimeLanguageSettings/MachineUILanguageOverwrite**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting controls which UI language is used for computers with more than one UI language installed.
If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language. If the specified language is not installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the local administrator.
If you disable or do not configure this policy setting, there is no restriction of a specific language used for the Windows menus and dialogs.
<!--/Description-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--ADMXMapped-->
ADMX Info:
- GP Friendly name: *Force selected system UI language to overwrite the user UI language*
- GP name: *MachineUILanguageOverwrite*
- GP path: *Computer Configuration/Administrative Templates/Control Panel/Regional and Language Options*
- GP ADMX file name: *Globalization.admx*
<!--/ADMXMapped-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="timelanguagesettings-restrictlanguagepacksandfeaturesinstall"></a>**TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting restricts standard users from installing language features on demand. This policy does not restrict the Windows language, if you want to restrict the Windows language use the following policy: “Restricts the UI languages Windows should use for the selected user.”
If you enable this policy setting, the installation of language features is prevented for standard users.
If you disable or do not configure this policy setting, there is no language feature installation restriction for the standard users.
<!--/Description-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<!--/Policies-->

50
windows/client-management/mdm/policy-csp-wirelessdisplay.md
View File

@ -26,6 +26,9 @@ manager: dansimp
<dd>
<a href="#wirelessdisplay-allowmdnsdiscovery">WirelessDisplay/AllowMdnsDiscovery</a>
</dd>
<dd>
<a href="#wirelessdisplay-allowmovementdetectiononinfrastructure">WirelessDisplay/AllowMovementDetectionOnInfrastructure</a>
</dd>
<dd>
<a href="#wirelessdisplay-allowprojectionfrompc">WirelessDisplay/AllowProjectionFromPC</a>
</dd>
@ -129,6 +132,53 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="wirelessdisplay-allowmovementdetectiononinfrastructure"></a>**WirelessDisplay/AllowMovementDetectionOnInfrastructure**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows you to disable the infrastructure movement detection feature.
If you set it to 0, your PC may stay connected and continue to project if you walk away from a Wireless Display receiver to which you are projecting over infrastructure.
If you set it to 1, your PC will detect that you have moved and will automatically disconnect your infrastructure Wireless Display session.
The default value is 1.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 - Do not allow
- 1 (Default) - Allow
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="wirelessdisplay-allowprojectionfrompc"></a>**WirelessDisplay/AllowProjectionFromPC**

8
windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
View File

@ -39,6 +39,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
## Azure AD joined provisioning in a Managed environment
![Azure AD joined provisioning in a Managed environment.](images/howitworks/prov-aadj-managed.png)
[Full size image](images/howitworks/prov-aadj-managed.png)
| Phase | Description |
| :----: | :----------- |
@ -50,6 +51,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
[Return to top](#windows-hello-for-business-provisioning)
## Azure AD joined provisioning in a Federated environment
![Azure AD joined provisioning in Managed environment.](images/howitworks/prov-aadj-federated.png)
[Full size image](images/howitworks/prov-aadj-federated.png)
| Phase | Description |
| :----: | :----------- |
@ -60,7 +62,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
[Return to top](#windows-hello-for-business-provisioning)
## Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment
![Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment.](images/howitworks/prov-haadj-keytrust-managed.png)
[Full size image](images/howitworks/prov-haadj-keytrust-managed.png)
| Phase | Description |
|:-----:|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@ -78,7 +80,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
[Return to top](#windows-hello-for-business-provisioning)
## Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment
![Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment.](images/howitworks/prov-haadj-instant-certtrust-federated.png)
[Full size image](images/howitworks/prov-haadj-instant-certtrust-federated.png)
| Phase | Description |
|:-----:|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@ -96,6 +98,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
[Return to top](#windows-hello-for-business-provisioning)
## Domain joined provisioning in an On-premises Key Trust deployment
![Domain joined provisioning in an On-premises Key Trust deployment.](images/howitworks/prov-onprem-keytrust.png)
[Full size image](images/howitworks/prov-onprem-keytrust.png)
| Phase | Description |
| :----: | :----------- |
@ -107,6 +110,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
[Return to top](#windows-hello-for-business-provisioning)
## Domain joined provisioning in an On-premises Certificate Trust deployment
![Domain joined provisioning in an On-premises Certificate Trust deployment.](images/howitworks/prov-onprem-certtrust.png)
[Full size image](images/howitworks/prov-onprem-certtrust.png)
| Phase | Description |
| :----: | :----------- |

4
windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
View File

@ -59,7 +59,7 @@ The following table lists the Group Policy settings that you can configure for W
|Minimum PIN length|Computer|<p><b>Not configured</b>: PIN length must be greater than or equal to 4.<p><b>Enabled</b>: PIN length must be greater than or equal to the number you specify.<p><b>Disabled</b>: PIN length must be greater than or equal to 4.|
|Expiration|Computer|<p><b>Not configured</b>: PIN does not expire.<p><b>Enabled</b>: PIN can be set to expire after any number of days between 1 and 730, or PIN can be set to never expire by setting policy to 0.<p><b>Disabled</b>: PIN does not expire.|
|History|Computer|<p><b>Not configured</b>: Previous PINs are not stored.<p><b>Enabled</b>: Specify the number of previous PINs that can be associated to a user account that can&#39;t be reused.<p><b>Disabled</b>: Previous PINs are not stored.<div class="alert"><b>Note</b>  Current PIN is included in PIN history.</div>|
|Require special characters|Computer|<p><b>Not configured</b>: Users cannot include a special character in their PIN<p><b>Enabled</b>: Users must include at least one special character in their PIN.<p><b>Disabled</b>: Users cannot include a special character in their PIN.|
|Require special characters|Computer|<p><b>Not configured</b>: Windows allows, but does not require, special characters in the PIN.<p><b>Enabled</b>: Windows requires the user to include at least one special character in their PIN.<p><b>Disabled</b>: Windows does not allow the user to include special characters in their PIN.|
|Require uppercase letters|Computer|<p><b>Not configured</b>: Users cannot include an uppercase letter in their PIN.<p><b>Enabled</b>: Users must include at least one uppercase letter in their PIN.<p><b>Disabled</b>: Users cannot include an uppercase letter in their PIN.|
### Phone Sign-in
@ -168,4 +168,4 @@ If you want to use Windows Hello for Business with certificates, you'll need a d
- [Windows Hello and password changes](hello-and-password-changes.md)
- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
- [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)