deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 08:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merged PR 3136: 9/11 PM Publish

Browse Source 
Merged PR 3126: System/LimitEnhancedDiagnosticDataWindowsAnalytics in Policy CSP
This commit is contained in:
Alma Jenks 2017-09-11 22:30:53 +00:00
commit c40c318720
4 changed files with 78 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -1044,6 +1044,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<li>Education/PreventAddingNewPrinters</li> <li>Education/PreventAddingNewPrinters</li>
<li>Education/PrinterNames</li> <li>Education/PrinterNames</li>
<li>Security/ClearTPMIfNotReady</li> <li>Security/ClearTPMIfNotReady</li>
<li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li>
<li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork</li> <li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork</li>
<li>Update/DisableDualScan</li> <li>Update/DisableDualScan</li>
<li>Update/ScheduledInstallEveryWeek</li> <li>Update/ScheduledInstallEveryWeek</li>
@ -1335,6 +1336,31 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
## Change history in MDM documentation ## Change history in MDM documentation
### September 2017
<table class="mx-tdBreakAll">
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<thead>
<tr class="header">
<th>New or updated topic</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
<ul>
<li>Search/AllowCloudSearch</li>
<li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li>
</ul>
</td></tr>
</tbody>
</table>
### August 2017 ### August 2017
<table class="mx-tdBreakAll"> <table class="mx-tdBreakAll">

3
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -2646,6 +2646,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd> <dd>
<a href="./policy-csp-system.md#system-disablesystemrestore" id="system-disablesystemrestore">System/DisableSystemRestore</a> <a href="./policy-csp-system.md#system-disablesystemrestore" id="system-disablesystemrestore">System/DisableSystemRestore</a>
</dd> </dd>
<dd>
<a href="./policy-csp-system.md#system-limitenhanceddiagnosticdatawindowsanalytics" id="limitenhanceddiagnosticdatawindowsanalytics">System/LimitEnhancedDiagnosticDataWindowsAnalytics</a>
</dd>
<dd> <dd>
<a href="./policy-csp-system.md#system-telemetryproxy" id="system-telemetryproxy">System/TelemetryProxy</a> <a href="./policy-csp-system.md#system-telemetryproxy" id="system-telemetryproxy">System/TelemetryProxy</a>
</dd> </dd>

6
windows/client-management/mdm/policy-csp-defender.md
View File

@ -572,7 +572,7 @@ ms.date: 08/30/2017
<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe".. <p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe"..
Value type is string. <p style="margin-left: 20px">Value type is string.
<!--EndDescription--> <!--EndDescription-->
<!--EndPolicy--> <!--EndPolicy-->
@ -609,7 +609,9 @@ Value type is string.
<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule. <p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.
Value type is string. <p style="margin-left: 20px">For more information about ASR rule ID and status ID, see [Enable Attack Surface Reduction](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction).
<p style="margin-left: 20px">Value type is string.
<!--EndDescription--> <!--EndDescription-->
<!--EndPolicy--> <!--EndPolicy-->

45
windows/client-management/mdm/policy-csp-system.md
View File

@ -554,6 +554,51 @@ ADMX Info:
<!--EndADMX--> <!--EndADMX-->
<!--EndPolicy--> <!--EndPolicy-->
<!--StartPolicy--> <!--StartPolicy-->
<a href="" id="system-limitenhanceddiagnosticdatawindowsanalytics"></a>**System/LimitEnhancedDiagnosticDataWindowsAnalytics**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
</tr>
</table>
<!--EndSKU-->
<!--StartDescription-->
<p style="margin-left: 20px">This policy setting, in combination with the System/AllowTelemetry
policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services.
<p style="margin-left: 20px">To enable this behavior you must complete two steps:
<ul>
<li>Enable this policy setting</li>
<li>Set Allow Telemetry to level 2 (Enhanced)</li>
</ul>
<p style="margin-left: 20px">When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594).
<p style="margin-left: 20px">Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft.
<p style="margin-left: 20px">If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.
<!--EndDescription-->
<!--EndPolicy-->
<!--StartPolicy-->
<a href="" id="system-telemetryproxy"></a>**System/TelemetryProxy** <a href="" id="system-telemetryproxy"></a>**System/TelemetryProxy**
<!--StartSKU--> <!--StartSKU-->