deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into patch-3

Browse Source
This commit is contained in:
Denise Vangel-MSFT
2022-01-11 11:56:19 -08:00
committed by GitHub
parent 548e15d1de b4ee40b0b9
commit c450d3281b
19 changed files with 351 additions and 476 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
windows/client-management/mdm/browserfavorite-csp.md
View File

@ -1,94 +0,0 @@
---
title: BrowserFavorite CSP
description: Learn how the BrowserFavorite configuration service provider is used to add and remove URLs from the favorites list on a device.
ms.assetid: 5d2351ff-2d6a-4273-9b09-224623723cbf
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: dansimp
ms.date: 10/25/2021
---
# BrowserFavorite CSP
The BrowserFavorite configuration service provider is used to add and remove URLs from the favorites list on a device.
> [!Note]
> BrowserFavorite CSP is only supported in Windows Phone 8.1.
The BrowserFavorite configuration service provider manages only the favorites at the root favorite folder level. It does not manage subfolders under the root favorite folder nor does it manage favorites under a subfolder.
> [!Note]
> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_INTERNET\_EXPLORER\_FAVORITES capabilities to be accessed from a network configuration application.
The following shows the BrowserFavorite configuration service provider in tree format as used by Open Mobile Alliance Device (OMA) Client Provisioning. The OMA Device Management protocol is not supported with this configuration service provider.
```console
BrowserFavorite
favorite name
----URL
```
<a href="" id="favorite-name-------------"></a>***favorite name***
Required. Specifies the user-friendly name of the favorite URL that is displayed in the Favorites list of Internet Explorer.
> [!Note]
> The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > |
Adding the same favorite twice adds only one occurrence to the Favorites list. If a favorite is added when another favorite with the same name but a different URL is already in the Favorites list, the existing favorite is replaced with the new favorite.
<a href="" id="url"></a>**URL**
Optional. Specifies the complete URL for the favorite.
## OMA client provisioning examples
Adding a new browser favorite.
```xml
<?xml version="1.0" encoding="UTF-8" ?>
<wap-provisioningdoc>
<characteristic type="BrowserFavorite">
<characteristic type="Help and how-to">
<parm name="URL" value="http://www.microsoft.com/windowsphone/en-US/howto/wp7/default.aspx"/>
</characteristic>
</characteristic>
</wap-provisioningdoc>
```
## Microsoft Custom Elements
The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
|Elements|Available|
|--- |--- |
|Parm-query|Yes|
|Noparm|Yes|
|Nocharacteristic|Yes|
|Characteristic-query|Yes<br> <br>Recursive query: Yes<br> <br>Top-level query: Yes|
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)

12
windows/client-management/mdm/clientcertificateinstall-csp.md
View File

@ -227,11 +227,11 @@ Optional. Specifies where to keep the private key.
The data type is an integer corresponding to one of the following values:
| Value | Description |
|-------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 | Private key protected by TPM. |
| 2 | Private key protected by phone TPM if the device supports TPM. All Windows Phone 8.1 devices support TPM and will treat value 2 as 1. |
| 3 | (Default) Private key saved in software KSP. |
| Value | Description |
|---|---|
| 1 | Private key protected by TPM. |
| 2 | Private key protected by phone TPM if the device supports TPM. |
| 3 | (Default) Private key saved in software KSP. |
| 4 | Private key protected by Windows Hello for Business (formerly known as Microsoft Passport for Work). If this option is specified, the ContainerName must be specified, otherwise enrollment will fail. |
Supported operations are Add, Get, Delete, and Replace.
@ -361,7 +361,7 @@ The date type format is Null, meaning this node doesnt contain a value.
The only supported operation is Execute.
<a href="" id="clientcertificateinstall-scep-uniqueid-install-aadkeyidentifierlist"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList**
Optional. Specify the AAD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail.
Optional. Specify the Azure AD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.
Data type is string.

9
windows/client-management/mdm/clientcertificateinstall-ddf-file.md
View File

@ -556,21 +556,22 @@ Supported operations are Get, Add, Delete, Replace.</Description>
</AccessType>
<DefaultValue>3</DefaultValue>
<Description>Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN.
SCEP enrolled cert doesnt support TPM PIN protection.
Supported values:
SCEP enrolled cert doesnt support TPM PIN protection. Supported values:
1 private key protected by TPM,
2 private key protected by phone TPM if the device supports TPM.
All Windows Phone 8.1 devices support TPM and will treat value 2 as 1
3 (default) private key saved in software KSP
4 private key protected by NGC. If this option is specified, container name should be specifed, if not enrollment will fail
4 private key protected by NGC. If this option is specified, container name should be specified, if not enrollment will fail.
Format is int.
Supported operations are Get, Add, Delete, Replace
</Description>
<DFFormat>
<int />

14
windows/client-management/mdm/configuration-service-provider-reference.md
View File

@ -15,7 +15,7 @@ ms.collection: highpri
# Configuration service provider reference
A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used overtheair for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used overtheair for OMA Client Provisioning, or it can be included in the phone image as a .provxml file that is installed during boot.
A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used overtheair for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used overtheair for OMA Client Provisioning, or it can be included in the device image as a `.provxml` file that is installed during boot.
For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). For CSP DDF files, see [CSP DDF files download](#csp-ddf-files-download).
@ -150,18 +150,6 @@ Additional lists:
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP-->
[BrowserFavorite CSP](browserfavorite-csp.md)
<!--StartSKU-->
|Home|Pro|Business|Enterprise|Education|
|--- |--- |--- |--- |--- |
|No|No|No|No|No|
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP-->
[CMPolicy CSP](cmpolicy-csp.md)

34
windows/client-management/mdm/dmprocessconfigxmlfiltered.md
View File

@ -25,7 +25,7 @@ ms.date: 06/26/2017
# DMProcessConfigXMLFiltered function
> [!Important]
> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. For more information about the new process for provisioning connectivity configuration, see [Connectivity configuration](/previous-versions//dn757424(v=vs.85)). However, this function is still supported for other OEM uses.
> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. For more information about the new process for provisioning connectivity configuration, see [Connectivity configuration](/previous-versions//dn757424(v=vs.85)). However, this function is still supported for other OEM uses.
Configures phone settings by using OMA Client Provisioning XML. Use of this function is strictly limited to the following scenarios.
@ -45,7 +45,7 @@ Microsoft recommends that this function isn't used to configure the following ty
- Email settings
> [!Note]
> The **DMProcessConfigXMLFiltered** function has full functionality in Windows Phone 8.1, but it has a read-only functionality in Windows 10.
> The **DMProcessConfigXMLFiltered** function has full functionality in Windows Phone 8.1, but it has a read-only functionality in Windows 10.
@ -54,37 +54,29 @@ Microsoft recommends that this function isn't used to configure the following ty
```C++
HRESULT STDAPICALLTYPE DMProcessConfigXMLFiltered(
LPCWSTR pszXmlIn,
const WCHAR   **rgszAllowedCspNode,
const DWORD   dwNumAllowedCspNodes,
BSTR    *pbstrXmlOut
const WCHAR **rgszAllowedCspNode,
const DWORD dwNumAllowedCspNodes,
BSTR *pbstrXmlOut
);
```
## Parameters
*pszXmlIn*
<ul>
<li>[in] The nullterminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. <strong>DMProcessConfigXMLFiltered</strong> accepts only OMA Client Provisioning XML (also known as WAP provisioning). It doesn't accept OMA DM SyncML XML (also known as SyncML).</li>
</ul>
<br>
- [in] The nullterminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. **DMProcessConfigXMLFiltered** accepts only OMA Client Provisioning XML (also known as WAP provisioning). It doesn't accept OMA DM SyncML XML (also known as SyncML).
*rgszAllowedCspNode*
<ul>
<li>[in] Array of <strong>WCHAR\</strong>* that specify which configuration service provider nodes can be invoked.</li>
</ul>
<br>
- [in] Array of `WCHAR` that specify which configuration service provider nodes can be invoked.
*dwNumAllowedCspNodes*
<ul>
<li>[in] Number of elements passed in <em>rgszAllowedCspNode</em>.</li>
</ul>
<br>
- [in] Number of elements passed in <em>rgszAllowedCspNode</em>.
*pbstrXmlOut*
<ul>
<li>[out] The resulting nullterminated XML from configuration. The caller of <strong>DMProcessConfigXMLFiltered</strong> is responsible for cleanup of the output buffer that the <em>pbstrXmlOut</em> parameter references. Use <a href="/windows/win32/api/oleauto/nf-oleauto-sysfreestring" data-raw-source="[**SysFreeString**](/windows/win32/api/oleauto/nf-oleauto-sysfreestring)"><strong>SysFreeString</strong></a> to free the memory.</li>
</ul>
<br>
- [out] The resulting nullterminated XML from configuration. The caller of **DMProcessConfigXMLFiltered** is responsible for cleanup of the output buffer that the <em>pbstrXmlOut</em> parameter references. Use <a href="/windows/win32/api/oleauto/nf-oleauto-sysfreestring" data-raw-source="[**SysFreeString**](/windows/win32/api/oleauto/nf-oleauto-sysfreestring)">**SysFreeString**</a> to free the memory.
If **DMProcessConfigXMLFiltered** retrieves a document, the *pbstrXmlOut* holds the XML output (in string form) of the provisioning operations. If **DMProcessConfigXMLFiltered** returns a failure, the XML output often contains "error nodes" that indicate which elements of the original XML failed. If the input document doesn't contain queries and is successfully processed, the output document should resemble the input document. In some error cases, no output is returned.

34
windows/client-management/mdm/federated-authentication-device-enrollment.md
View File

@ -16,9 +16,9 @@ ms.date: 07/28/2017
This section provides an example of the mobile device enrollment protocol using federated authentication policy. When the authentication policy is set to Federated, the web authentication broker is leveraged by the enrollment client to get a security token. The enrollment client calls the web authentication broker API within the response message to start the process. The server should build the web authentication broker pages to fit the device screen and should be consistent with the existing enrollment UI. The opaque security token that is returned from the broker as an end page is used by the enrollment client as the device security secret during the client certificate request call.
The &lt;AuthenticationServiceURL&gt; element the discovery response message specifies web authentication broker page start URL.
The `<AuthenticationServiceURL>` element the discovery response message specifies web authentication broker page start URL.
For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692).
For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692).
## In this topic
@ -26,7 +26,7 @@ For details about the Microsoft mobile device enrollment protocol for Windows 1
[Enrollment policy web service](#enrollment-policy-web-service)
[Enrollment web service](#enrollment-web-service)
For the list of enrollment scenarios not supported in Windows 10, see [Enrollment scenarios not supported](mobile-device-enrollment.md#enrollment-scenarios-not-supported).
For the list of enrollment scenarios not supported in Windows 10, see [Enrollment scenarios not supported](mobile-device-enrollment.md#enrollment-scenarios-not-supported).
## Discovery service
@ -35,7 +35,7 @@ The discovery web service provides the configuration information necessary for a
> [!NOTE]
> The administrator of the discovery service must create a host with the address enterpriseenrollment.*domain\_name*.com.
The automatic discovery flow of the device uses the domain name of the email address that was submitted to the Workplace settings screen during sign in. The automatic discovery system constructs a URI that uses this hostname by appending the subdomain “enterpriseenrollment” to the domain of the email address, and by appending the path “/EnrollmentServer/Discovery.svc”. For example, if the email address is “sample@contoso.com”, the resulting URI for first Get request would be: http:<span></span>//enterpriseenrollment.contoso.com/EnrollmentServer/Discovery.svc
The automatic discovery flow of the device uses the domain name of the email address that was submitted to the Workplace settings screen during sign in. The automatic discovery system constructs a URI that uses this hostname by appending the subdomain “enterpriseenrollment” to the domain of the email address, and by appending the path “/EnrollmentServer/Discovery.svc”. For example, if the email address is “sample@contoso.com”, the resulting URI for first Get request would be: `http://enterpriseenrollment.contoso.com/EnrollmentServer/Discovery.svc`.
The first request is a standard HTTP GET request.
@ -146,7 +146,7 @@ A new XML tag, AuthenticationServiceUrl, is introduced in the DiscoveryResponse
The following are the explicit requirements for the server.
- The &lt;DiscoveryResponse&gt;&lt;AuthenticationServiceUrl&gt; element must support HTTPS.
- The `<DiscoveryResponse>``<AuthenticationServiceUrl>` element must support HTTPS.
- The authentication server must use a device trusted root certificate. Otherwise, the WAP call will fail.
- WP doesnt support Windows Integrated Authentication (WIA) for ADFS during WAB authentication. ADFS 2012 R2 if used needs to be configured to not attempt WIA for Windows device.
@ -156,8 +156,8 @@ The enrollment client issues an HTTPS request as follows:
AuthenticationServiceUrl?appru=<appid>&amp;login_hint=<User Principal Name>
```
- &lt;appid&gt; is of the form ms-app://string
- &lt;User Principal Name&gt; is the name of the enrolling user, for example, user@constoso.com as input by the user in an enrollment sign in page. The value of this attribute serves as a hint that can be used by the authentication server as part of the authentication.
- `<appid>` is of the form ms-app://string
- `<User Principal Name>` is the name of the enrolling user, for example, user@constoso.com as input by the user in an enrollment sign in page. The value of this attribute serves as a hint that can be used by the authentication server as part of the authentication.
After authentication is complete, the auth server should return an HTML form document with a POST method action of appid identified in the query string parameter.
@ -191,7 +191,7 @@ Content-Length: 556
</html>
```
The server has to send a POST to a redirect URL of the form ms-app://string (the URL scheme is ms-app) as indicated in the POST method action. The security token value is the base64-encoded string "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary" contained in the &lt;wsse:BinarySecurityToken&gt; EncodingType attribute. Windows does the binary encode when it sends it back to enrollment server, in the form it is just HTML encoded. This string is opaque to the enrollment client; the client does not interpret the string.
The server has to send a POST to a redirect URL of the form ms-app://string (the URL scheme is ms-app) as indicated in the POST method action. The security token value is the base64-encoded string `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary` contained in the `<wsse:BinarySecurityToken>` EncodingType attribute. Windows does the binary encode when it sends it back to enrollment server, in the form it is just HTML encoded. This string is opaque to the enrollment client; the client does not interpret the string.
The following example shows a response received from the discovery web service which requires authentication via WAB.
@ -235,18 +235,18 @@ Policy service is optional. By default, if no policies are specified, the minimu
This web service implements the X.509 Certificate Enrollment Policy Protocol (MS-XCEP) specification that allows customizing certificate enrollment to match different security needs of enterprises at different times (cryptographic agility). The service processes the GetPolicies message from the client, authenticates the client, and returns matching enrollment policies in the GetPoliciesResponse message.
For Federated authentication policy, the security token credential is provided in a request message using the &lt;wsse:BinarySecurityToken&gt; element \[WSS\]. The security token is retrieved as described in the discovery response section. The authentication information is as follows:
For Federated authentication policy, the security token credential is provided in a request message using the `<wsse:BinarySecurityToken>` element \[WSS\]. The security token is retrieved as described in the discovery response section. The authentication information is as follows:
- wsse:Security: The enrollment client implements the &lt;wsse:Security&gt; element defined in \[WSS\] section 5. The &lt;wsse:Security&gt; element must be a child of the &lt;s:Header&gt; element.
- wsse:BinarySecurityToken: The enrollment client implements the &lt;wsse:BinarySecurityToken&gt; element defined in \[WSS\] section 6.3. The &lt;wsse:BinarySecurityToken&gt; element must be included as a child of the &lt;wsse:Security&gt; element in the SOAP header.
- wsse:Security: The enrollment client implements the `<wsse:Security>` element defined in \[WSS\] section 5. The `<wsse:Security>` element must be a child of the `<s:Header>` element.
- wsse:BinarySecurityToken: The enrollment client implements the `<wsse:BinarySecurityToken>` element defined in \[WSS\] section 6.3. The `<wsse:BinarySecurityToken>` element must be included as a child of the `<wsse:Security>` element in the SOAP header.
As was described in the discovery response section, the inclusion of the &lt;wsse:BinarySecurityToken&gt; element is opaque to the enrollment client, and the client does not interpret the string, and the inclusion of the element is agreed upon by the security token authentication server (as identified in the &lt;AuthenticationServiceUrl&gt; element of &lt;DiscoveryResponse&gt; and the enterprise server.
As was described in the discovery response section, the inclusion of the `<wsse:BinarySecurityToken>` element is opaque to the enrollment client, and the client does not interpret the string, and the inclusion of the element is agreed upon by the security token authentication server (as identified in the `<AuthenticationServiceUrl>` element of `<DiscoveryResponse>` and the enterprise server.
The &lt;wsse:BinarySecurityToken&gt; element contains a base64-encoded string. The enrollment client uses the security token received from the authentication server and base64-encodes the token to populate the &lt;wsse:BinarySecurityToken&gt; element.
The `<wsse:BinarySecurityToken>` element contains a base64-encoded string. The enrollment client uses the security token received from the authentication server and base64-encodes the token to populate the `<wsse:BinarySecurityToken>` element.
- wsse:BinarySecurityToken/attributes/ValueType: The `<wsse:BinarySecurityToken>` ValueType attribute must be "http:<span></span>//schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentUserToken".
- wsse:BinarySecurityToken/attributes/ValueType: The `<wsse:BinarySecurityToken>` ValueType attribute must be `http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentUserToken`.
- wsse:BinarySecurityToken/attributes/EncodingType: The `<wsse:BinarySecurityToken>` EncodingType attribute must be "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary".
- wsse:BinarySecurityToken/attributes/EncodingType: The `<wsse:BinarySecurityToken>` EncodingType attribute must be `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary`.
The following is an enrollment policy request example with a received security token as client credential.
@ -478,7 +478,7 @@ After validating the request, the web service looks up the assigned certificate
> [!Note]
> The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
Similar to the TokenType in the RST, the RSTR will use a custom ValueType in the BinarySecurityToken (http:<span></span>//schemas.microsoft.com/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc), because the token is more than an X.509 v3 certificate.
Similar to the TokenType in the RST, the RSTR will use a custom ValueType in the BinarySecurityToken (`http://schemas.microsoft.com/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc`), because the token is more than an X.509 v3 certificate.
The provisioning XML contains:
@ -616,7 +616,7 @@ The following code shows sample provisioning XML (presented in the preceding pac
> [!NOTE]
>
> - &lt;Parm name&gt; and &lt;characteristic type=&gt; elements in the w7 APPLICATION CSP XML are case sensitive and must be all uppercase.
> - `<Parm name>` and `<characteristic type=>` elements in the w7 APPLICATION CSP XML are case sensitive and must be all uppercase.
>
> - In w7 APPLICATION characteristic, both CLIENT and APPSRV credentials should be provided in XML.
>

4
windows/client-management/mdm/nodecache-ddf-file.md
View File

@ -57,7 +57,7 @@ The XML below is the current version for this CSP.
<Add />
<Delete />
</AccessType>
<Description>Group settings per DM server. Each group of settings is distinguished by the server's Provider ID. It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. In Windows Phone 8, only one enterprise management server is supported. That is, there should be only one ProviderID node under NodeCache.</Description>
<Description>Group settings per DM server. Each group of settings is distinguished by the server's Provider ID. It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process.</Description>
<DFFormat>
<node />
</DFFormat>
@ -282,7 +282,7 @@ The XML below is the current version for this CSP.
<Add />
<Delete />
</AccessType>
<Description>Group settings per DM server. Each group of settings is distinguished by the server's Provider ID. It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. In Windows Phone 8, only one enterprise management server is supported. That is, there should be only one ProviderID node under NodeCache.</Description>
<Description>Group settings per DM server. Each group of settings is distinguished by the server's Provider ID. It should be the same DM server PROVIDER-ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process.</Description>
<DFFormat>
<node />
</DFFormat>

2
windows/client-management/mdm/policy-csp-devicelock.md
View File

@ -580,7 +580,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
The following list shows the supported values:
- An integer X where 0 &lt;= X &lt;= 999.
- 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined."
- 0 (default) - No timeout is defined.
<!--/SupportedValues-->
<!--/Policy-->

2
windows/client-management/mdm/toc.yml
View File

@ -149,8 +149,6 @@ items:
items:
- name: BitLocker DDF file
href: bitlocker-ddf-file.md
- name: BrowserFavorite CSP
href: browserfavorite-csp.md
- name: CellularSettings CSP
href: cellularsettings-csp.md
- name: CertificateStore CSP

22
windows/client-management/mdm/w4-application-csp.md
View File

@ -19,11 +19,12 @@ Use an **APPLICATION** configuration service provider that has an APPID of w4 to
The default security roles are defined in the root characteristic, and map to each subnode unless specific permission is granted to the subnode. The default security roles are Manager, Operator, and Operator TPS.
> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_W4\_APPLICATION capabilities to be accessed from a network configuration application.
> [!NOTE]
> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_W4\_APPLICATION capabilities to be accessed from a network configuration application.
The following shows the configuration service provider in tree format as used by OMA Client Provisioning.
```console
```cmd
APPLICATION
----APPID
----NAME
@ -45,11 +46,10 @@ This parameter takes a string value. The possible values to configure the NAME p
- no value specified
> **Note**  MDM servers should resend APPLICATION/NAME to DMAcc after an upgrade because this value is displayed in the UI but not saved in Windows Phone 8.1 and cannot be migrated to Windows 10.
> [!NOTE]
> The APPLICATION/NAME value is displayed in the UI. The APPLICATION/NAME value might not be saved on the device. So after an upgrade, the MDM servers should resend APPLICATION/NAME to DMAcc.
 
If no value is specified, the registry location will default to &lt;unnamed&gt;.
If no value is specified, the registry location will default to `<unnamed>`.
If `Name` is greater than 40 characters, it will be truncated to 40 characters.
@ -77,13 +77,3 @@ Optional. The maximum authorized size, in KB, for multimedia content. This param
[Configuration service provider reference](configuration-service-provider-reference.md)