deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into nimishasatapathy-4850064-Phase3policies

Browse Source
This commit is contained in:
Nimisha Satapathy 2021-03-25 16:17:05 +05:30 committed by GitHub
commit c5213a7319
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1996 changed files with 8469 additions and 51744 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.acrolinx-config.edn
View File

@ -11,7 +11,7 @@
}
:scores {
;;:terminology 100
:qualityscore 65 ;; Confirmed with Hugo that you just comment out the single score and leave the structure in place
:qualityscore 80 ;; Confirmed with Hugo that you just comment out the single score and leave the structure in place
;;:spelling 40
}
}
@ -35,7 +35,7 @@
"
## Acrolinx Scorecards
**The minimum Acrolinx topic score of 65 is required for all MARVEL content merged to the default branch.**
**The minimum Acrolinx topic score of 80 is required for all MARVEL content merged to the default branch.**
If you need a scoring exception for content in this PR, add the *Sign off* and the *Acrolinx exception* labels to the PR. The PubOps Team will review the exception request and may take one or more of the following actions:

1986
.openpublishing.redirection.json
View File

File diff suppressed because it is too large Load Diff

11
bcs/docfx.json
View File

@ -36,7 +36,16 @@
"externalReference": [],
"globalMetadata": {
"breadcrumb_path": "/microsoft-365/business/breadcrumb/toc.json",
"extendBreadcrumb": true
"extendBreadcrumb": true,
"contributors_to_exclude": [
"rjagiewich",
"traya1",
"rmca14",
"claydetels19",
"jborsecnik",
"tiburd",
"garycentric"
],
},
"fileMetadata": {},
"template": [],

11
browsers/edge/docfx.json
View File

@ -42,7 +42,16 @@
"folder_relative_path_in_docset": "./"
}
},
"titleSuffix": "Edge"
"titleSuffix": "Edge",
"contributors_to_exclude": [
"rjagiewich",
"traya1",
"rmca14",
"claydetels19",
"jborsecnik",
"tiburd",
"garycentric"
],
},
"externalReference": [],
"template": "op.html",

16
browsers/edge/microsoft-edge-kiosk-mode-deploy.md
View File

@ -11,7 +11,7 @@ ms.prod: edge
ms.sitesec: library
ms.topic: article
ms.localizationpriority: medium
ms.date: 01/17/2020
ms.date: 02/16/2021
---
# Deploy Microsoft Edge Legacy kiosk mode
@ -22,7 +22,7 @@ ms.date: 01/17/2020
> Professional, Enterprise, and Education
> [!NOTE]
> You've reached the documentation for Microsoft Edge Legacy (version 45 and earlier.) To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). For information about kiosk mode in the new version of Microsoft Edge, see [Microsoft Edge kiosk mode](https://docs.microsoft.com/DeployEdge/microsoft-edge-kiosk-mode).
> You've reached the documentation for Microsoft Edge Legacy (version 45 and earlier.) To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). For information about kiosk mode in the new version of Microsoft Edge, see [Microsoft Edge kiosk mode](https://docs.microsoft.com/DeployEdge/microsoft-edge-configure-kiosk-mode).
In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge Legacy as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge Legacy in kiosk mode.
@ -162,12 +162,12 @@ With this method, you can use Microsoft Intune or other MDM services to configur
| | |
|---|---|
| **[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p>![](images/icon-thin-line-computer.png) | Configure the display mode for Microsoft Edge Legacy as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge Legacy running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
| **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p>![](images/icon-thin-line-computer.png) | Change the time in minutes from the last user activity before Microsoft Edge Legacy kiosk mode resets the user's session.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
| **[HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p>![](images/icon-thin-line-computer.png) | Set one or more start pages, URLs, to load when Microsoft Edge Legacy launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br>&nbsp;&nbsp;&nbsp;\<https://www.msn.com\>\<https:/www.bing.com\> |
| **[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p>![](images/icon-thin-line-computer.png) | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
| **[SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p>![](images/icon-thin-line-computer.png) | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
| **[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p>![](images/icon-thin-line-computer.png) | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
| **[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p>![Icon Mode](images/icon-thin-line-computer.png) | Configure the display mode for Microsoft Edge Legacy as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge Legacy running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
| **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p>![Icon Timeout](images/icon-thin-line-computer.png) | Change the time in minutes from the last user activity before Microsoft Edge Legacy kiosk mode resets the user's session.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
| **[HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p>![Icon HomePage](images/icon-thin-line-computer.png) | Set one or more start pages, URLs, to load when Microsoft Edge Legacy launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br>&nbsp;&nbsp;&nbsp;\<https://www.msn.com\>\<https:/www.bing.com\> |
| **[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p>![Icon Configure](images/icon-thin-line-computer.png) | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
| **[SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p>![Icon Set Home](images/icon-thin-line-computer.png) | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
| **[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p>![Icon New Tab](images/icon-thin-line-computer.png) | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
**_Congratulations!_** <p>Youve just finished setting up a kiosk or digital signage with policies for Microsoft Edge Legacy kiosk mode using Microsoft Intune or other MDM service.

11
browsers/internet-explorer/docfx.json
View File

@ -39,7 +39,16 @@
"folder_relative_path_in_docset": "./"
}
},
"titleSuffix": "Internet Explorer"
"titleSuffix": "Internet Explorer",
"contributors_to_exclude": [
"rjagiewich",
"traya1",
"rmca14",
"claydetels19",
"jborsecnik",
"tiburd",
"garycentric"
],
},
"externalReference": [],
"template": "op.html",

11
devices/hololens/docfx.json
View File

@ -45,7 +45,16 @@
"folder_relative_path_in_docset": "./"
}
}
},
"contributors_to_exclude": [
"rjagiewich",
"traya1",
"rmca14",
"claydetels19",
"jborsecnik",
"tiburd",
"garycentric"
],
},
"fileMetadata": {},
"template": [],

11
gdpr/docfx.json
View File

@ -34,7 +34,16 @@
"ms.author": "lizross",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app"
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"contributors_to_exclude": [
"rjagiewich",
"traya1",
"rmca14",
"claydetels19",
"jborsecnik",
"tiburd",
"garycentric"
],
},
"fileMetadata": {},
"template": [],

1
store-for-business/TOC.md
View File

@ -3,7 +3,6 @@
## [Sign up and get started](sign-up-microsoft-store-for-business-overview.md)
### [Microsoft Store for Business and Microsoft Store for Education overview](microsoft-store-for-business-overview.md)
### [Prerequisites for Microsoft Store for Business and Education](prerequisites-microsoft-store-for-business.md)
### [Sign up for Microsoft Store for Business or Microsoft Store for Education](sign-up-microsoft-store-for-business.md)
### [Roles and permissions in the Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md)
### [Settings reference: Microsoft Store for Business and Education](settings-reference-microsoft-store-for-business.md)
## [Find and acquire apps](find-and-acquire-apps-overview.md)

12
store-for-business/acquire-apps-microsoft-store-for-business.md
View File

@ -5,16 +5,20 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.date: 10/23/2018
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.reviewer:
manager: dansimp
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 03/10/2021
---
# Acquire apps in Microsoft Store for Business and Education
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
As an admin, you can acquire apps from the Microsoft Store for Business and Education for your employees. Some apps are free, and some have a price. For info on app types that are supported, see [Apps in the Microsoft Store for Business](apps-in-microsoft-store-for-business.md). The following sections explain some of the settings for shopping.
## App licensing model

10
store-for-business/add-unsigned-app-to-code-integrity-policy.md
View File

@ -3,16 +3,16 @@ title: Add unsigned app to code integrity policy (Windows 10)
description: When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device.
ms.assetid: 580E18B1-2FFD-4EE4-8CC5-6F375BE224EA
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store, security
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 10/17/2017
ms.date: 03/10/2021
---
# Add unsigned app to code integrity policy
@ -99,7 +99,7 @@ After you're done, the files are saved to your desktop. You still need to sign t
## <a href="" id="catalog-signing-device-guard-portal"></a>Catalog signing with Device Guard signing portal
To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business. For more information, see [Sign up for the Microsoft Store for Business](sign-up-microsoft-store-for-business.md).
To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business.
Catalog signing is a vital step to adding your unsigned apps to your code integrity policy.

12
store-for-business/includes/store-for-business-content-updates.md
View File

@ -2,17 +2,9 @@
## Week of January 25, 2021
## Week of March 15, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 1/29/2021 | [Distribute offline apps (Windows 10)](/microsoft-store/distribute-offline-apps) | modified |
## Week of January 11, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 1/14/2021 | [Add unsigned app to code integrity policy (Windows 10)](/microsoft-store/add-unsigned-app-to-code-integrity-policy) | modified |
| 3/17/2021 | [Roles and permissions in Microsoft Store for Business and Education (Windows 10)](/microsoft-store/roles-and-permissions-microsoft-store-for-business) | modified |

14
store-for-business/index.md
View File

@ -2,21 +2,20 @@
title: Microsoft Store for Business and Education (Windows 10)
description: Welcome to the Microsoft Store for Business and Education. You can use Microsoft Store, to find, acquire, distribute, and manage apps for your organization or school.
ms.assetid: 527E611E-4D47-44F0-9422-DCC2D1ACBAB8
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: high
ms.date: 05/14/2020
ms.date: 03/10/2021
---
# Microsoft Store for Business and Education
**Applies to**
- Windows 10
@ -24,6 +23,11 @@ ms.date: 05/14/2020
Welcome to the Microsoft Store for Business and Education! You can use Microsoft Store to find, acquire, distribute, and manage apps for your organization or school.
> [!IMPORTANT]
> Starting April 14, 2021, all apps that charge a base price above free will no longer be available to buy in the Microsoft Store for Business and Education. If youve already bought a paid app, you can still use it, but no new purchases will be possible from businessstore.microsoft.com or educationstore.microsoft.com. Also, you wont be able to buy additional licenses for apps you already bought. You can still assign and reassign licenses for apps that you already own and use the private store. Apps with a base price of “free” will still be available. This change doesnt impact apps in the Microsoft Store on Windows 10.
>
> Also starting April 14, 2021, you must sign in with your Azure Active Directory (Azure AD) account before you browse Microsoft Store for Business and Education.
## In this section
| Topic | Description |

13
store-for-business/microsoft-store-for-business-overview.md
View File

@ -3,16 +3,16 @@ title: Microsoft Store for Business and Microsoft Store for Education overview (
description: With Microsoft Store for Business and Microsoft Store for Education, organizations and schools can make volume purchases of Windows apps.
ms.assetid: 9DA71F6B-654D-4121-9A40-D473CC654A1C
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.pagetype: store, mobile
ms.mktglfcycl: manage
ms.sitesec: library
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date:
ms.date: 03/10/2021
---
# Microsoft Store for Business and Microsoft Store for Education overview
@ -22,6 +22,9 @@ ms.date:
- Windows 10
- Windows 10 Mobile
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
Designed for organizations, Microsoft Store for Business and Microsoft Store for Education give IT decision makers and administrators in businesses or schools a flexible way to find, acquire, manage, and distribute free and paid apps in select markets to Windows 10 devices in volume. IT administrators can manage Microsoft Store apps and private line-of-business apps in one inventory, plus assign and re-use licenses as needed. You can choose the best distribution method for your organization: directly assign apps to individuals and teams, publish apps to private pages in Microsoft Store, or connect with management solutions for more options.
> [!IMPORTANT]
@ -80,8 +83,6 @@ While not required, you can use a management tool to distribute and manage apps.
The first step for getting your organization started with Store for Business and Education is signing up. Sign up using an existing account (the same one you use for Office 365, Dynamics 365, Intune, Azure, etc.) or well quickly create an account for you. You must be a Global Administrator for your organization.
For more information, see [Sign up for Store for Business and Education](sign-up-microsoft-store-for-business.md).
## Set up
After your admin signs up for the Store for Business and Education, they can assign roles to other employees in your company or school. The admin needs Azure AD User Admin permissions to assign Microsoft Store for Business and Education roles. These are the roles and their permissions.

11
store-for-business/prerequisites-microsoft-store-for-business.md
View File

@ -3,16 +3,16 @@ title: Prerequisites for Microsoft Store for Business and Education (Windows 10)
description: There are a few prerequisites for using Microsoft Store for Business or Microsoft Store for Education.
ms.assetid: CEBC6870-FFDD-48AD-8650-8B0DC6B2651D
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date:
ms.date: 03/10/2021
---
# Prerequisites for Microsoft Store for Business and Education
@ -22,6 +22,9 @@ ms.date:
- Windows 10
- Windows 10 Mobile
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
> [!IMPORTANT]
> Customers who are in the Office 365 GCC environment or are eligible to buy with government pricing cannot use Microsoft Store for Business.

102
store-for-business/roles-and-permissions-microsoft-store-for-business.md
View File

@ -4,19 +4,28 @@ description: The first person to sign in to Microsoft Store for Business or Micr
keywords: roles, permissions
ms.assetid: CB6281E1-37B1-4B8B-991D-BC5ED361F1EE
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 03/01/2019
ms.date: 03/16/2021
---
# Roles and permissions in Microsoft Store for Business and Education
**Applies to**
- Windows 10
- Windows 10 Mobile
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
The first person to sign in to Microsoft Store for Business or Microsoft Store for Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees.
Microsoft Store for Business and Education has a set of roles that help admins and employees manage access to apps and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access the Store. Global Administrators and global user accounts that are used with other Microsoft services, such as Azure, or Office 365 can sign in to Microsoft Store. Global user accounts have some permissions in Microsoft Store, and Microsoft Store has a set of roles that help IT admins and employees manage access to apps and tasks for Microsoft Store.
@ -27,62 +36,65 @@ This table lists the global user accounts and the permissions they have in Micro
| | Global Administrator | Billing Administrator |
| ------------------------------ | --------------------- | --------------------- |
| Sign up for Microsoft Store for Business and Education | X |
| Modify company profile settings | X | |
| Purchase apps | X | X |
| Sign up for Microsoft Store for Business and Education | X | X |
| Modify company profile settings | X | X |
| Purchase apps | X | X |
| Distribute apps | X | X |
| Purchase subscription-based software | X | X |
- **Global Administrator** and **Billing Administrator** - IT Pros with these accounts have full access to Microsoft Store. They can do everything allowed in the Microsoft Store Admin role, plus they can sign up for Microsoft Store.
**Global Administrator** - IT Pros with this account have full access to Microsoft Store. They can do everything allowed in the Microsoft Store Admin role, plus they can sign up for Microsoft Store.
## Microsoft Store roles and permissions
**Billing Administrator** - IT Pros with this account have the same permissions as Microsoft Store Purchaser role.
## Billing account roles and permissions
There are a set of roles, managed at your billing account level, that help IT admins and employees manage access to and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access Microsoft Store for Business.
Microsoft Store for Business has a set of roles that help IT admins and employees manage access to apps and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access Microsoft Store.
This table lists the roles and their permissions.
| Role | Buy from<br /><br /> Microsoft Store | Assign<br /><br /> roles | Edit<br /><br /> account | Sign<br /><br /> agreements | View<br /><br /> account |
| ------------------------| ------ | -------- | ------ | -------| -------- |
| Billing account owner | X | X | X | X | X |
| Billing account contributor | | | X | X | X |
| Billing account reader | | | | | X |
| Signatory | | | | X | X |
| | Admin | Purchaser | Device Guard signer |
| ------------------------------ | ------ | -------- | ------------------- |
| Assign roles | X | | |
| Manage Microsoft Store for Business and Education settings | X | | |
| Acquire apps | X | X | |
| Distribute apps | X | X | |
| Sign policies and catalogs | X | | |
| Sign Device Guard changes | X | | X |
<!---
These permissions allow people to:
- **Edit account**:
- Account information (view only)
- LOB publishers
- Management tools
- Offline licensing
- Permissions
- Private store
- **Acquire apps** - Acquire apps from Microsoft Store and add them to your inventory.
- **Distribute apps** - Distribute apps that are in your inventory.
- **Manage Microsoft Store settings**:
- Account information (view only)
- Device Guard signing
- LOB publishers
- Management tools
- Offline licensing
- Permissions
- Private store
- **Acquire apps** - Acquire apps from Microsoft Store and add them to your inventory.
- **Distribute apps** - Distribute apps that are in your inventory.
- Admins can assign apps to people, add apps to the private store, or use a management tool.
- Purchasers can assign apps to people.
-->
## Purchasing roles and permissions
There are also a set of roles for purchasing and managing items bought.
This table lists the roles and their permissions.
| Role | Buy from<br /><br /> Microsoft Store | Manage all items | Manage items<br /><br /> I buy |
| ------------| ------ | -------- | ------ |
| Purchaser | X | X | |
| Basic purchaser | X | | X |
## Assign roles
**To assign roles to people**
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com).
1. Sign in to Microsoft Store for Business or Microsoft Store for Education.
>[!Note]
>You need to be a Global Administrator, or have the Billing account owner role to access **Permissions**. 
>You need to be a Global Administrator, or have the Microsoft Store Admin role to access the **Permissions** page.
2. Select **Manage**, and then select **Permissions**.
3. On **Roles**, or **Purchasing roles**, select **Assign roles**.
4. Enter a name, choose the role you want to assign, and select **Save**.
If you don't find the name you want, you might need to add people to your Azure AD directory. For more information, see [Manage user accounts](manage-users-and-groups-microsoft-store-for-business.md).
To assign roles, you need to be a Global Administrator or a Store Administrator.
2. Click **Settings**, and then choose **Permissions**.
OR
Click **Manage**, and then click **Permissions** on the left-hand menu.
<!--- ![Image showing Permissions page in Microsoft Store for Business.](images/wsfb-settings-permissions.png) -->
3. Click **Add people**, type a name, choose the role you want to assign, and click **Save**.
<!--- ![Image showing Assign roles to people box in Microsoft Store for Business.](images/wsfb-permissions-assignrole.png) -->
4. If you don't find the name you want, you might need to add people to your Azure AD directory. For more information, see [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-microsoft-store-for-business.md).

12
store-for-business/sign-up-microsoft-store-for-business-overview.md
View File

@ -3,16 +3,16 @@ title: Sign up and get started (Windows 10)
description: IT admins can sign up for the Microsoft Store for Business or Microsoft Store for Education and get started working with apps.
ms.assetid: 87C6FA60-3AB9-4152-A85C-6A1588A20C7B
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.author: cmcatee
author: cmcatee-MSFT
manager: scotv
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 10/03/2019
ms.date: 03/10/2021
---
# Sign up and get started
@ -24,13 +24,15 @@ ms.date: 10/03/2019
IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps.
> [!IMPORTANT]
> Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
## In this section
| Topic | Description |
| ----- | ----------- |
| [Microsoft Store for Business and Education overview](windows-store-for-business-overview.md) | Learn about Microsoft Store for Business. |
| [Prerequisites for Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) | There are a few prerequisites for using Microsoft Store for Business and Education.](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) |
| [Sign up for Microsoft Store for Business or Microsoft Store for Education](https://docs.microsoft.com/microsoft-store/sign-up-microsoft-store-for-business) | Before you sign up for Store for Business and Education, at a minimum, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Store for Business. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process. |
| [Roles and permissions in Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/roles-and-permissions-microsoft-store-for-business)| The first person to sign in to Microsoft Store for Business and Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. |
| [Settings reference: Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/settings-reference-microsoft-store-for-business) | Microsoft Store for Business and Education has a group of settings that admins use to manage the store. |

105
store-for-business/sign-up-microsoft-store-for-business.md
View File

@ -1,105 +0,0 @@
---
title: Sign up for Microsoft Store for Business or Microsoft Store for Education (Windows 10)
description: Before you sign up for Microsoft Store for Business or Microsoft Store for Education, at a minimum, you'll need an Azure Active Directory (AD) account for your organization, and you'll need to be the global administrator for your organization.
ms.assetid: 296AAC02-5C79-4999-B221-4F5F8CEA1F12
ms.reviewer:
manager: dansimp
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.author: TrudyHa
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 10/17/2017
---
# Sign up for Microsoft Store for Business or Microsoft Store for Education
**Applies to**
- Windows 10
- Windows 10 Mobile
Before you sign up for Microsoft Store for Business or Microsoft Store for Education, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Microsoft Store for Business or Microsoft Store for Education. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process.
## Sign up for Microsoft Store
Before signing up for Microsoft Store, make sure you're the global administrator for your organization.
**To sign up for Microsoft Store**
1. Go to [https://www.microsoft.com/business-store](https://www.microsoft.com/business-store), or [https://www.microsoft.com/education-store](https://www.microsoft.com/education-store) and click **Sign up**.
- If you start Microsoft Store sign-up process, and don't have an Azure AD directory for your organization, we'll help you create one. For more info, see [Sign up for Azure AD accounts](#o365-welcome).
<!-- -->
- If you already have an Azure AD directory, you'll [sign in to Store for Business](#sign-in), and then accept Store for Business terms.
![Image showing Microsoft Store for Business page with invitation to sign up, or sign in.](images/wsfb-landing.png)
**To sign up for Azure AD accounts through Office 365 for Business**
- <a href="" id="o365-welcome"></a>Signing up for Microsoft Store will create an Azure AD directory and global administrator account for you. There are just a few steps.
Step 1: About you.
Type the required info and click **Next.**
![Image showing Welcome page for sign up process.](images/wsfb-onboard-1.png)
- Step 2: Create an ID.
We'll use info you provided on the previous page to build your user ID. Check the info and click **Next**.
![Image showing Create your user ID page for sign up process.](images/wsfb-onboard-2.png)
- Step 3: You're in.
Let us know how you'd like to receive a verification code, and click either **Text me**, or **Call me**. We'll send you a verification code
![Image showing confirmation page as part of sign up process.](images/wsfb-onboard-3.png)
- Verification.
Type your verification code and click **Create my account**.
![Image showing verification code step.](images/wsfb-onboard-4.png)
- Save this info.
Be sure to save the portal sign-in page and your user ID info. Click **You're ready to go**.
![Image showing sign-in page and user ID for Microsoft Store for Business.](images/wsfb-onboard-5.png)
- At this point, you'll have an Azure AD directory created with one user account. That user account is the global administrator. You can use that account to sign in to Store for Business.
2. <a href="" id="sign-in"></a>Sign in with your Azure AD account.
![Image showing sign-in page for Microsoft Store for Business.](images/wsfb-onboard-7.png)
3. <a href="" id="accept-terms"></a>Read through and accept Microsoft Store for Business and Education terms.
4. Welcome to the Store for Business. Click **Next** to continue.
![Image showing welcome message for Microsoft Store for business.](images/wsfb-firstrun.png)
## Next steps
After signing up for Microsoft Store for Business or Microsoft Store for Education, you can:
- **Add users to your Azure AD directory**. If you created your Azure AD directory during sign up, additional user accounts are required for employees to install apps you assign to them, or to browse the private store in Store app. For more information, see [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-microsoft-store-for-business.md).
- **Assign roles to employees**. For more information, see [Roles and permissions in Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md).
 
 

11
windows/access-protection/docfx.json
View File

@ -40,7 +40,16 @@
"depot_name": "MSDN.win-access-protection",
"folder_relative_path_in_docset": "./"
}
}
},
"contributors_to_exclude": [
"rjagiewich",
"traya1",
"rmca14",
"claydetels19",
"jborsecnik",
"tiburd",
"garycentric"
],
},
"fileMetadata": {},
"template": [],

12
windows/application-management/docfx.json
View File

@ -44,7 +44,17 @@
"folder_relative_path_in_docset": "./"
}
},
"titleSuffix": "Windows Application Management"
"titleSuffix": "Windows Application Management",
"contributors_to_exclude": [
"rjagiewich",
"traya1",
"rmca14",
"claydetels19",
"jborsecnik",
"tiburd",
"garycentric"
],
"searchScope": ["Windows 10"]
},
"fileMetadata": {},
"template": [],

10
windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
View File

@ -86,14 +86,14 @@ See the [example ETW capture](#example-etw-capture) at the bottom of this articl
The following is a high-level view of the main wifi components in Windows.
<table>
<tr><td><img src="images/wcm.png"></td><td>The <b>Windows Connection Manager</b> (Wcmsvc) is closely associated with the UI controls (taskbar icon) to connect to various networks, including wireless networks. It accepts and processes input from the user and feeds it to the core wireless service. </td></tr>
<tr><td><img src="images/wlan.png"></td><td>The <b>WLAN Autoconfig Service</b> (WlanSvc) handles the following core functions of wireless networks in windows:
<tr><td><img src="images/wcm.png" alt="Windows Connection Manager"></td><td>The <b>Windows Connection Manager</b> (Wcmsvc) is closely associated with the UI controls (taskbar icon) to connect to various networks, including wireless networks. It accepts and processes input from the user and feeds it to the core wireless service. </td></tr>
<tr><td><img src="images/wlan.png" alt="WLAN Autoconfig Service"></td><td>The <b>WLAN Autoconfig Service</b> (WlanSvc) handles the following core functions of wireless networks in windows:
- Scanning for wireless networks in range
- Managing connectivity of wireless networks</td></tr>
<tr><td><img src="images/msm.png"></td><td>The <b>Media Specific Module</b> (MSM) handles security aspects of connection being established.</td></tr>
<tr><td><img src="images/wifi-stack.png"></td><td>The <b>Native WiFi stack</b> consists of drivers and wireless APIs to interact with wireless miniports and the supporting user-mode Wlansvc.</td></tr>
<tr><td><img src="images/miniport.png"></td><td>Third-party <b>wireless miniport</b> drivers interface with the upper wireless stack to provide notifications to and receive commands from Windows.</td></tr>
<tr><td><img src="images/msm.png" alt="Media Specific Module"></td><td>The <b>Media Specific Module</b> (MSM) handles security aspects of connection being established.</td></tr>
<tr><td><img src="images/wifi-stack.png" alt="Native WiFi stack"></td><td>The <b>Native WiFi stack</b> consists of drivers and wireless APIs to interact with wireless miniports and the supporting user-mode Wlansvc.</td></tr>
<tr><td><img src="images/miniport.png" alt="Wireless miniport"></td><td>Third-party <b>wireless miniport</b> drivers interface with the upper wireless stack to provide notifications to and receive commands from Windows.</td></tr>
</table>

12
windows/client-management/docfx.json
View File

@ -46,7 +46,17 @@
"folder_relative_path_in_docset": "./"
}
},
"titleSuffix": "Windows Client Management"
"titleSuffix": "Windows Client Management",
"contributors_to_exclude": [
"rjagiewich",
"traya1",
"rmca14",
"claydetels19",
"jborsecnik",
"tiburd",
"garycentric"
],
"searchScope": ["Windows 10"]
},
"fileMetadata": {},
"template": [],

13
windows/client-management/mandatory-user-profile.md
View File

@ -16,7 +16,6 @@ ms.topic: article
# Create mandatory user profiles
**Applies to**
- Windows 10
A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned.
@ -76,7 +75,7 @@ First, you create a default user profile with the customizations that you want,
> [!TIP]
> If you receive an error message that says "Sysprep was not able to validate your Windows installation", open %WINDIR%\\System32\\Sysprep\\Panther\\setupact.log and look for an entry like the following:
>
> ![Microsoft Bing Translator package](images/sysprep-error.png)
> ![Microsoft Bing Translator package error](images/sysprep-error.png)
>
> Use the [Remove-AppxProvisionedPackage](https://docs.microsoft.com/powershell/module/dism/remove-appxprovisionedpackage?view=win10-ps) and [Remove-AppxPackage -AllUsers](https://docs.microsoft.com/powershell/module/appx/remove-appxpackage?view=win10-ps) cmdlet in Windows PowerShell to uninstall the app that is listed in the log.
@ -86,20 +85,24 @@ First, you create a default user profile with the customizations that you want,
1. In **User Profiles**, click **Default Profile**, and then click **Copy To**.
![Example of UI](images/copy-to.png)
![Example of User Profiles UI](images/copy-to.png)
1. In **Copy To**, under **Permitted to use**, click **Change**.
![Example of UI](images/copy-to-change.png)
![Example of Copy To UI](images/copy-to-change.png)
1. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**.
1. In **Copy To**, in the **Copy profile to** field, enter the path and folder name where you want to store the mandatory profile. The folder name must use the correct [extension](#profile-extension-for-each-windows-version) for the operating system version. For example, the folder name must end with ".v6" to identify it as a user profile folder for Windows 10, version 1607.
- If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path.
![Example of Copy profile to](images/copy-to-path.png)
- If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location.
![Example of UI](images/copy-to-path.png)
![Example of Copy To UI with UNC path](images/copy-to-path.png)
1. Click **OK** to copy the default user profile.

22
windows/client-management/mdm/TOC.md
View File

@ -159,16 +159,16 @@
### [Personalization CSP](personalization-csp.md)
#### [Personalization DDF file](personalization-ddf.md)
### [Policy CSP](policy-configuration-service-provider.md)
#### [Policy DDF file](policy-ddf-file.md)
#### [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
#### [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
#### [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
#### [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
#### [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
#### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md)
#### [Policy CSP DDF file](policy-ddf-file.md)
#### [Policies in Policy CSP supported by Group Policy](policies-in-policy-csp-supported-by-group-policy.md)
#### [ADMX-backed policies in Policy CSP](policies-in-policy-csp-admx-backed.md)
#### [Policies in Policy CSP supported by HoloLens 2](policies-in-policy-csp-supported-by-hololens2.md)
#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md)
#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md)
#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policies-in-policy-csp-supported-by-iot-enterprise.md)
#### [Policies in Policy CSP supported by Windows 10 IoT Core](policies-in-policy-csp-supported-by-iot-core.md)
#### [Policies in Policy CSP supported by Microsoft Surface Hub](policies-in-policy-csp-supported-by-surface-hub.md)
#### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policies-in-policy-csp-that-can-be-set-using-eas.md)
#### [AboveLock](policy-csp-abovelock.md)
#### [Accounts](policy-csp-accounts.md)
#### [ActiveXControls](policy-csp-activexcontrols.md)
@ -203,6 +203,7 @@
#### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md)
#### [ADMX_EventLog](policy-csp-admx-eventlog.md)
#### [ADMX_Explorer](policy-csp-admx-explorer.md)
#### [ADMX_FileRecovery](policy-csp-admx-filerecovery.md)
#### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md)
#### [ADMX_FileSys](policy-csp-admx-filesys.md)
#### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md)
@ -266,6 +267,7 @@
#### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md)
#### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md)
#### [ADMX_WindowsExplorer](policy-csp-admx-windowsexplorer.md)
#### [ADMX_WindowsFileProtection](policy-csp-admx-windowsfileprotection.md)
#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md)
#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md)
#### [ADMX_WindowsRemoteManagement](policy-csp-admx-windowsremotemanagement.md)

15
windows/client-management/mdm/accounts-csp.md
View File

@ -11,15 +11,24 @@ ms.reviewer:
manager: dansimp
---
# Accounts CSP
# Accounts Configuration Service Provider
The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803.
The following diagram shows the Accounts configuration service provider in tree format.
The following shows the Accounts configuration service provider in tree format.
![Accounts CSP diagram](images/provisioning-csp-accounts.png)
```
./Device/Vendor/MSFT
Accounts
----Domain
--------ComputerName
----Users
--------UserName
------------Password
------------LocalUserGroup
```
<a href="" id="accounts"></a>**./Device/Vendor/MSFT/Accounts**
Root node.

46
windows/client-management/mdm/activesync-csp.md
View File

@ -19,8 +19,8 @@ The ActiveSync configuration service provider is used to set up and change setti
Configuring Windows Live ActiveSync accounts through this configuration service provider is not supported.
> **Note**  
The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the ./User/Vendor/MSFT/ActiveSync path.
> [!NOTE]
> The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the ./User/Vendor/MSFT/ActiveSync path.
On the desktop, only per user configuration (./User/Vendor/MSFT/ActiveSync) is supported. However, the ./Vendor/MSFT/ActiveSync path will work if the user is logged in. The CSP fails when no user is logged in.
@ -28,15 +28,45 @@ The ./Vendor/MSFT/ActiveSync path is deprecated, but will continue to work in th
The following diagram shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
The following shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
![activesync csp (cp)](images/provisioning-csp-activesync-cp.png)
```
./Vendor/MSFT
ActiveSync
----Accounts
--------Account GUID
------------EmailAddress
------------Domain
------------AccountIcon
------------AccountType
------------AccountName
------------Password
------------ServerName
------------UserName
------------Options
----------------CalendarAgeFilter
----------------Logging
----------------MailBodyType
----------------MailHTMLTruncation
----------------MailPlainTextTruncation
----------------Schedule
----------------UseSSL
----------------MailAgeFilter
----------------ContentTypes
--------------------Content Type GUID
------------------------Enabled
------------------------Name
------------Policies
----------------MailBodyType
----------------MaxMailAgeFilter
```
<a href="" id="--user-vendor-msft-activesync"></a>**./User/Vendor/MSFT/ActiveSync**
The root node for the ActiveSync configuration service provider.
> **Note**  
The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the ./User/Vendor/MSFT/ActiveSync path.
> [!NOTE]
> The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the ./User/Vendor/MSFT/ActiveSync path.
On the desktop, only per user configuration (./User/Vendor/MSFT/ActiveSync) is supported. However, the ./Vendor/MSFT/ActiveSync will work if the user is logged in. The CSP fails when no user is logged in.
@ -231,8 +261,8 @@ Valid values are one of the following:
<a href="" id="options-contenttypes-content-type-guid-name"></a>**Options/ContentTypes/*Content Type GUID*/Name**
Required. A character string that specifies the name of the content type.
> **Note**  In Windows 10, this node is currently not working.
> [!NOTE]
> In Windows 10, this node is currently not working.
Supported operations are Get, Replace, and Add (cannot Add after the account is created).

36
windows/client-management/mdm/alljoynmanagement-csp.md
View File

@ -17,8 +17,8 @@ ms.date: 06/26/2017
The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus. The devices must support the Microsoft AllJoyn configuration interface (com.microsoft.alljoynmanagement.config). You can also push configuration files to the same devices. To populate the various nodes when setting new configuration, we recommend that you do a query first, to get the actual values for all the nodes in all the attached devices. You can then use the information from the query to set the node values when pushing the new configuration.
> **Note**  
The AllJoynManagement configuration service provider (CSP) is only supported in Windows 10 IoT Core (IoT Core).
> [!NOTE]
> The AllJoynManagement configuration service provider (CSP) is only supported in Windows 10 IoT Core (IoT Core).
This CSP was added in Windows 10, version 1511.
@ -26,9 +26,37 @@ This CSP was added in Windows 10, version 1511.
For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB) Project](https://go.microsoft.com/fwlink/p/?LinkId=615876) and [AllJoyn Device System Bridge](https://go.microsoft.com/fwlink/p/?LinkId=615877).
The following diagram shows the AllJoynManagement configuration service provider in tree format
The following shows the AllJoynManagement configuration service provider in tree format
![alljoynmanagement csp diagram](images/provisioning-csp-alljoynmanagement.png)
```
./Vendor/MSFT
AllJoynManagement
----Configurations
--------ServiceID
------------Port
----------------PortNum
--------------------ConfigurableObjects
------------------------CfgObjectPath
----Credentials
--------ServiceID
------------Key
----Firewall
--------PublicProfile
--------PrivateProfile
----Services
--------ServiceID
------------AppId
------------DeviceId
------------AppName
------------Manufacturer
------------ModelNumber
------------Description
------------SoftwareVersion
------------AJSoftwareVersion
------------HardwareVersion
----Options
--------QueryIdleTime
```
The following list describes the characteristics and parameters.

43
windows/client-management/mdm/applicationcontrol-csp.md
View File

@ -1,6 +1,6 @@
---
title: ApplicationControl CSP
description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from a MDM server.
description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from an MDM server.
keywords: security, malware
ms.author: dansimp
ms.topic: article
@ -16,10 +16,33 @@ ms.date: 09/10/2020
Windows Defender Application Control (WDAC) policies can be managed from an MDM server or locally using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
Existing WDAC policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
The following diagram shows the ApplicationControl CSP in tree format.
![tree diagram for applicationcontrol csp](images/provisioning-csp-applicationcontrol.png)
The following shows the ApplicationControl CSP in tree format.
```
./Vendor/MSFT
ApplicationControl
----Policies
--------Policy GUID
------------Policy
------------PolicyInfo
----------------Version
----------------IsEffective
----------------IsDeployed
----------------IsAuthorized
----------------Status
----------------FriendlyName
------------Token
----------------TokenID
----Tokens
--------ID
------------Token
------------TokenInfo
----------------Status
------------PolicyIDs
----------------Policy GUID
----TenantID
----DeviceID
```
<a href="" id="vendor-msft-applicationcontrol"></a>**./Vendor/MSFT/ApplicationControl**
Defines the root node for the ApplicationControl CSP.
@ -99,7 +122,7 @@ The following table provides the result of this policy based on different values
|False|False|True|Not Reachable.|
|False|False|False|*Not Reachable.|
`*` denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the END_COMMAND_PROCESSING will result in a fail.
\* denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the END_COMMAND_PROCESSING will result in a fail.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-status"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status**
This node specifies whether the deployment of the policy indicated by the GUID was successful.
@ -117,7 +140,7 @@ Value type is char.
## Microsoft Endpoint Manager (MEM) Intune Usage Guidance
For customers using Intune standalone or hybrid management with Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune)
For customers using Intune standalone or hybrid management with Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune).
## Generic MDM Server Usage Guidance
@ -125,11 +148,11 @@ In order to leverage the ApplicationControl CSP without using Intune, you must:
1. Know a generated policy's GUID, which can be found in the policy xml as `<PolicyID>` or `<PolicyTypeID>` for pre-1903 systems.
2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool.
3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command-line tool.
Below is a sample certutil invocation:
```cmd
```console
certutil -encode WinSiPolicy.p7b WinSiPolicy.cer
```
@ -141,7 +164,7 @@ An alternative to using certutil would be to use the following PowerShell invoca
### Deploy Policies
To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below.
To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the Format section in the Example 1 below.
To deploy base policy and supplemental policies:
@ -285,7 +308,7 @@ The ApplicationControl CSP can also be managed locally from PowerShell or via Mi
Run the following command. PolicyID is a GUID which can be found in the policy xml, and should be used here without braces.
```powershell
New-CimInstance -Namespace $namespace -ClassName $policyClassName -Property @{ParentID="./Vendor/MSFT/ApplicationControl/Policies";InstanceID="<PolicyID>";Policy=$policyBase64}
New-CimInstance -Namespace $namespace -ClassName $policyClassName -Property @{ParentID="./Vendor/MSFT/ApplicationControl/Policies";InstanceID="<PolicyID>";Policy=$policyBase64}
```
### Querying all policies via WMI Bridge

72
windows/client-management/mdm/applocker-csp.md
View File

@ -17,10 +17,54 @@ ms.date: 11/19/2019
The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There is no user interface shown for apps that are blocked.
The following diagram shows the AppLocker configuration service provider in tree format.
![applocker csp](images/provisioning-csp-applocker.png)
The following shows the AppLocker configuration service provider in tree format.
```
./Vendor/MSFT
AppLocker
----ApplicationLaunchRestrictions
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
----------------NonInteractiveProcessEnforcement
------------MSI
----------------Policy
----------------EnforcementMode
------------Script
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
------------DLL
----------------Policy
----------------EnforcementMode
----------------NonInteractiveProcessEnforcement
------------CodeIntegrity
----------------Policy
----EnterpriseDataProtection
--------Grouping
------------EXE
----------------Policy
------------StoreApps
----------------Policy
----LaunchControl
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
----FamilySafety
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
```
<a href="" id="--vendor-msft-applocker"></a>**./Vendor/MSFT/AppLocker**
Defines the root node for the AppLocker configuration service provider.
@ -288,10 +332,10 @@ The following table show the mapping of information to the AppLocker publisher r
Here is an example AppLocker publisher rule:
``` syntax
FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Reader" BinaryName="*">
```xml
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Reader" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</FilePublisherCondition>
```
You can get the publisher name and product name of apps using a web API.
@ -299,7 +343,9 @@ You can get the publisher name and product name of apps using a web API.
**To find publisher and product name for Microsoft apps in Microsoft Store for Business**
1. Go to the Microsoft Store for Business website, and find your app. For example, Microsoft OneNote.
2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https:<span><\span>//www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, **9wzdncrfhvjl**.
2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, **9wzdncrfhvjl**.
3. In your browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values.
<table>
@ -313,25 +359,22 @@ You can get the publisher name and product name of apps using a web API.
</thead>
<tbody>
<tr class="odd">
<td><p>https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/{app ID}/applockerdata</p></td>
<td><p><code>https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/{app ID}/applockerdata</code></p></td>
</tr>
</tbody>
</table>
~~~
Here is the example for Microsoft OneNote:
Request
``` syntax
```http
https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata
```
Result
``` syntax
```json
{
"packageFamilyName": "Microsoft.Office.OneNote_8wekyb3d8bbwe",
"packageIdentityName": "Microsoft.Office.OneNote",
@ -339,7 +382,6 @@ Result
"publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
}
```
~~~
<table>
<colgroup>

49
windows/client-management/mdm/assignedaccess-csp.md
View File

@ -29,10 +29,17 @@ For a step-by-step guide for setting up devices to run in kiosk mode, see [Set u
> [!Note]
> The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting from Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S. Starting in Windows 10, version 1803, it is also supported in Windows Holographic for Business edition.
The following diagram shows the AssignedAccess configuration service provider in tree format
![assignedaccess csp diagram](images/provisioning-csp-assignedaccess.png)
The following shows the AssignedAccess configuration service provider in tree format
```
./Vendor/MSFT
AssignedAccess
----KioskModeApp
----Configuration (Added in Windows 10, version 1709)
----Status (Added in Windows 10, version 1803)
----ShellLauncher (Added in Windows 10, version 1803)
----StatusConfiguration (Added in Windows 10, version 1803)
```
<a href="" id="--vendor-msft-assignedaccess"></a>**./Device/Vendor/MSFT/AssignedAccess**
Root node for the CSP.
@ -53,7 +60,7 @@ Starting in Windows 10, version 1607, you can use a provisioned app to configur
Here's an example:
``` syntax
```json
{"Account":"contoso\\kioskuser","AUMID":"Microsoft.Windows.Contoso_cw5n1h2txyewy!Microsoft.ContosoApp.ContosoApp"}
```
@ -97,7 +104,8 @@ In Windows 10, version 1803, Assigned Access runtime status only supports monito
| KioskModeAppNotFound | This occurs when the kiosk app is not deployed to the machine. |
| KioskModeAppActivationFailure | This happens when the assigned access controller detects the process terminated unexpectedly after exceeding the max retry. |
Note that status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus.
> [!NOTE]
> Status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus.
|Status code | KioskModeAppRuntimeStatus |
|---------|---------|
@ -116,7 +124,8 @@ In Windows 10, version 1809, Assigned Access runtime status supports monitoring
|ActivationFailed|The AssignedAccess account (kiosk or multi-app) failed to sign in.|
|AppNoResponse|The kiosk app launched successfully but is now unresponsive.|
Note that status codes available in the Status payload correspond to a specific AssignedAccessRuntimeStatus.
> [!NOTE]
> Status codes available in the Status payload correspond to a specific AssignedAccessRuntimeStatus.
|Status code|AssignedAccessRuntimeStatus|
|---|---|
@ -573,7 +582,7 @@ Escape and CDATA are mechanisms when handling xml in xml. Consider its a tran
This example shows escaped XML of the Data node.
```
```xml
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Add>
@ -642,8 +651,10 @@ This example shows escaped XML of the Data node.
</SyncBody>
</SyncML>
```
This example shows escaped XML of the Data node.
```
```xml
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Replace>
@ -714,7 +725,8 @@ This example shows escaped XML of the Data node.
```
This example uses CData for the XML.
```
```xml
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Add>
@ -785,7 +797,8 @@ This example uses CData for the XML.
```
Example of Get command that returns the configuration in the device.
```
```xml
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Get>
@ -802,7 +815,8 @@ Example of Get command that returns the configuration in the device.
```
Example of the Delete command.
```
```xml
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Delete>
@ -1122,6 +1136,7 @@ Shell Launcher V2 uses a separate XSD and namespace for backward compatibility.
</xs:element>
</xs:schema>
```
### Shell Launcher V2 XSD
```xml
@ -1151,7 +1166,8 @@ Shell Launcher V2 uses a separate XSD and namespace for backward compatibility.
## ShellLauncherConfiguration examples
ShellLauncherConfiguration Add
```
```xml
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Add>
@ -1220,7 +1236,8 @@ ShellLauncherConfiguration Add
```
ShellLauncherConfiguration Add AutoLogon
```
```xml
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Add>
@ -1268,7 +1285,8 @@ ShellLauncherConfiguration Add AutoLogon
```
ShellLauncher V2 Add
```
```xml
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Add>
@ -1323,7 +1341,8 @@ xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
```
ShellLauncherConfiguration Get
```
```xml
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Get>

37
windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
View File

@ -13,7 +13,7 @@ author: lomayor
# Azure Active Directory integration with MDM
Azure Active Directory is the world largest enterprise cloud identity management service. Its used by millions of organizations to access Office 365 and thousands of business applications from Microsoft and third party software as a service (SaaS) vendors. Many of the rich Windows 10 experiences for organizational users (such as store access or OS state roaming) use Azure AD as the underlying identity infrastructure. Windows 10 provides an integrated configuration experience with Azure AD, allowing devices to be registered in Azure AD and enrolled into MDM in a smooth integrated flow.
Azure Active Directory is the world largest enterprise cloud identity management service. Its used by millions of organizations to access Office 365 and thousands of business applications from Microsoft and third-party software as a service (SaaS) vendors. Many of the rich Windows 10 experiences for organizational users (such as store access or OS state roaming) use Azure AD as the underlying identity infrastructure. Windows 10 provides an integrated configuration experience with Azure AD, allowing devices to be registered in Azure AD and enrolled into MDM in a smooth integrated flow.
Once a device is enrolled in MDM, the MDM can enforce compliance with corporate policies, add or remove apps, and more. Additionally, the MDM can report a devices compliance Azure AD. This enables Azure AD to allow access to corporate resources or applications secured by Azure AD only to devices that comply with policies. To support these rich experiences with their MDM product, MDM vendors can integrate with Azure AD. This topic describes the steps involved.
@ -52,19 +52,19 @@ Two Azure AD MDM enrollment scenarios:
In both scenarios, Azure AD is responsible for authenticating the user and the device, which provides a verified unique device identifier that can be used for MDM enrollment.
In both scenarios, the enrollment flow provides an opportunity for the MDM service to render it's own UI, using a web view. MDM vendors should use this to render the Terms of Use (TOU), which can be different for company-owned and BYOD devices. MDM vendors can also use the web view to render additional UI elements, such as asking for a one-time PIN, if this is part of the business process of the organization.
In both scenarios, the enrollment flow provides an opportunity for the MDM service to render its own UI, using a web view. MDM vendors should use this to render the Terms of Use (TOU), which can be different for company-owned and BYOD devices. MDM vendors can also use the web view to render additional UI elements, such as asking for a one-time PIN, if this is part of the business process of the organization.
In the out-of-the-box scenario, the web view is 100% full screen, which gives the MDM vendor the ability to paint an edge-to-edge experience. With great power comes great responsibility! It is important that MDM vendors who chose to integrate with Azure AD to respect the Windows 10 design guidelines to the letter. This includes using a responsive web design and respecting the Windows accessibility guidelines, which includes the forward and back buttons that are properly wired to the navigation logic. Additional details are provided later in this topic.
In the out-of-the-box scenario, the web view is 100% full screen, which gives the MDM vendor the ability to paint an edge-to-edge experience. With great power comes great responsibility! It is important that MDM vendors who chose to integrate with Azure AD respect the Windows 10 design guidelines to the letter. This includes using a responsive web design and respecting the Windows accessibility guidelines, which includes the forward and back buttons that are properly wired to the navigation logic. Additional details are provided later in this topic.
For Azure AD enrollment to work for an Active Directory Federated Services (AD FS) backed Azure AD account, you must enable password authentication for the intranet on the ADFS service as described in solution \#2 in [this article](https://go.microsoft.com/fwlink/?LinkId=690246).
For Azure AD enrollment to work for an Active Directory Federated Services (AD FS) backed Azure AD account, you must enable password authentication for the intranet on the ADFS service as described in solution \#2 in [Configure Azure MFA as authentication provider with AD FS](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa).
Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be manages through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios are similar.
Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be managed through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios is similar.
> [!NOTE]
> Users cannot remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account.
### MDM endpoints involved in Azure AD integrated enrollment
### MDM endpoints involved in Azure ADintegrated enrollment
Azure AD MDM enrollment is a two-step process:
@ -112,27 +112,39 @@ The keys used by the MDM application to request access tokens from Azure AD are
Use the following steps to register a cloud-based MDM application with Azure AD. At this time, you need to work with the Azure AD engineering team to expose this application through the Azure AD app gallery.
1. Login to the Azure Management Portal using an admin account in your home tenant.
1. Log in to the Azure Management Portal using an admin account in your home tenant.
2. In the left navigation, click on the **Active Directory**.
3. Click the directory tenant where you want to register the application.
Ensure that you are logged into your home tenant.
4. Click the **Applications** tab.
5. In the drawer, click **Add**.
6. Click **Add an application my organization is developing**.
7. Enter a friendly name for the application, such as ContosoMDM, select **Web Application and or Web API**, then click **Next**.
8. Enter the login URL for your MDM service.
9. For the App ID, enter **https://&lt;your\_tenant\_name>/ContosoMDM**, then click OK.
10. While still in the Azure portal, click the **Configure** tab of your application.
11. Mark your application as **multi-tenant**.
12. Find the client ID value and copy it.
You will need this later when configuring your application. This client ID is used when obtaining access tokens and adding applications to the Azure AD app gallery.
13. Generate a key for your application and copy it.
You will need this to call the Azure AD Graph API to report device compliance. This is covered in the subsequent section.
For more information about how to register a sample application with Azure AD, see the steps to register the **TodoListService Web API** in [NativeClient-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613667)
For more information about how to register a sample application with Azure AD, see the steps to register the **TodoListService Web API** in [NativeClient-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613667).
### Add an on-premises MDM
@ -208,7 +220,7 @@ The following table shows the required information to create an entry in the Azu
### Add on-premises MDM to the app gallery
There are no special requirements for adding on-premises MDM to the app gallery.There is a generic entry for administrator to add an app to their tenant.
There are no special requirements for adding on-premises MDM to the app gallery. There is a generic entry for administrator to add an app to their tenant.
However, key management is different for on-premises MDM. You must obtain the client ID (app ID) and key assigned to the MDM app within the customer's tenant. These are used to obtain authorization to access the Azure AD Graph API and for reporting device compliance.
@ -347,6 +359,7 @@ The following claims are expected in the access token passed by Windows to the T
</tr>
</tbody>
</table>
<br/>
> [!NOTE]
> There is no device ID claim in the access token because the device may not yet be enrolled at this time.
@ -355,7 +368,7 @@ To retrieve the list of group memberships for the user, you can use the [Azure A
Here's an example URL.
```console
```http
https://fabrikam.contosomdm.com/TermsOfUse?redirect_uri=ms-appx-web://ContosoMdm/ToUResponse&client-request-id=34be581c-6ebd-49d6-a4e1-150eff4b7213&api-version=1.0
Authorization: Bearer eyJ0eXAiOi
```
@ -647,7 +660,7 @@ Alert sample:
## Determine when a user is logged in through polling
An alert is send to the MDM server in DM package\#1.
An alert is sent to the MDM server in DM package\#1.
- Alert type - com.microsoft/MDM/LoginStatus
- Alert format - chr
@ -925,5 +938,3 @@ When a user is enrolled into MDM through Azure Active Directory Join and then di

53
windows/client-management/mdm/bitlocker-csp.md
View File

@ -17,6 +17,7 @@ The BitLocker configuration service provider (CSP) is used by the enterprise to
> [!NOTE]
> Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes.
>
> You must send all the settings together in a single SyncML to be effective.
A Get operation on any of the settings, except for RequireDeviceEncryption and RequireStorageCardEncryption, returns
@ -24,11 +25,29 @@ the setting configured by the admin.
For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation returns the actual status of enforcement to the admin, such as if Trusted Platform Module (TPM) protection is required and if encryption is required. And if the device has BitLocker enabled but with password protector, the status reported is 0. A Get operation on RequireDeviceEncryption does not verify that the a minimum PIN length is enforced (SystemDrivesMinimumPINLength).
The following diagram shows the BitLocker configuration service provider in tree format.
![BitLocker csp](images/provisioning-csp-bitlocker.png)
The following shows the BitLocker configuration service provider in tree format.
```
./Device/Vendor/MSFT
BitLocker
----RequireStorageCardEncryption
----RequireDeviceEncryption
----EncryptionMethodByDriveType
----SystemDrivesRequireStartupAuthentication
----SystemDrivesMinimumPINLength
----SystemDrivesRecoveryMessage
----SystemDrivesRecoveryOptions
----FixedDrivesRecoveryOptions
----FixedDrivesRequireEncryption
----RemovableDrivesRequireEncryption
----AllowWarningForOtherDiskEncryption
----AllowStandardUserEncryption
----ConfigureRecoveryPasswordRotation
----RotateRecoveryPasswords
----Status
--------DeviceEncryptionStatus
--------RotateRecoveryPasswordsStatus
--------RotateRecoveryPasswordsRequestID
```
<a href="" id="--device-vendor-msft-bitlocker"></a>**./Device/Vendor/MSFT/BitLocker**
Defines the root node for the BitLocker configuration service provider.
<!--Policy-->
@ -225,18 +244,18 @@ EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for remov
If you want to disable this policy use the following SyncML:
```xml
<Replace>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/BitLocker/EncryptionMethodByDriveType</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data><disabled/></Data>
</Item>
</Replace>
<Replace>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/BitLocker/EncryptionMethodByDriveType</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data><disabled/></Data>
</Item>
</Replace>
```
Data type is string. Supported operations are Add, Get, Replace, and Delete.

119
windows/client-management/mdm/certificatestore-csp.md
View File

@ -25,16 +25,94 @@ The CertificateStore configuration service provider is used to add secure socket
For the CertificateStore CSP, you cannot use the Replace command unless the node already exists.
The following diagram shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
![provisioning\-csp\-certificatestore](images/provisioning-csp-certificatestore.png)
The following shows the CertificateStore configuration service provider management object in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
```
./Vendor/MSFT
CertificateStore
----ROOT
--------*
------------EncodedCertificate
------------IssuedBy
------------IssuedTo
------------ValidFrom
------------ValidTo
------------TemplateName
--------System
------------*
----------------EncodedCertificate
----------------IssuedBy
----------------IssuedTo
----------------ValidFrom
----------------ValidTo
----------------TemplateName
----MY
--------User
------------*
----------------EncodedCertificate
----------------IssuedBy
----------------IssuedTo
----------------ValidFrom
----------------ValidTo
----------------TemplateName
--------SCEP
------------*
----------------Install
--------------------ServerURL
--------------------Challenge
--------------------EKUMapping
--------------------KeyUsage
--------------------SubjectName
--------------------KeyProtection
--------------------RetryDelay
--------------------RetryCount
--------------------TemplateName
--------------------KeyLength
--------------------HashAlgrithm
--------------------CAThumbPrint
--------------------SubjectAlternativeNames
--------------------ValidPeriod
--------------------ValidPeriodUnit
--------------------Enroll
----------------CertThumbPrint
----------------Status
----------------ErrorCode
--------WSTEP
------------CertThumprint
------------Renew
----------------RenewPeriod
----------------ServerURL
----------------RetryInterval
----------------ROBOSupport
----------------Status
----------------ErrorCode
----------------LastRenewalAttemptTime (Added in Windows 10, version 1607)
----------------RenewNow (Added in Windows 10, version 1607)
----------------RetryAfterExpiryInterval (Added in Windows 10, version 1703)
----CA
--------*
------------EncodedCertificate
------------IssuedBy
------------IssuedTo
------------ValidFrom
------------ValidTo
------------TemplateName
--------System
------------*
----------------EncodedCertificate
----------------IssuedBy
----------------IssuedTo
----------------ValidFrom
----------------ValidTo
----------------TemplateName
```
<a href="" id="root-system"></a>**Root/System**
Defines the certificate store that contains root, or self-signed, certificates.
Supported operation is Get.
> **Note**  Root/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing root certificates.
> [!NOTE]
> Root/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing root certificates.
@ -43,7 +121,8 @@ Defines the certificate store that contains cryptographic information, including
Supported operation is Get.
> **Note**  CA/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing CA certificates.
> [!NOTE]
> CA/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing CA certificates.
@ -52,7 +131,8 @@ Defines the certificate store that contains public keys for client certificates.
Supported operation is Get.
> **Note**  My/User is case sensitive.
> [!NOTE]
> My/User is case sensitive.
@ -61,7 +141,8 @@ Defines the certificate store that contains public key for client certificate. T
Supported operation is Get.
> **Note**  My/System is case sensitive.
> [!NOTE]
> My/System is case sensitive.
@ -105,7 +186,8 @@ Required for Simple Certificate Enrollment Protocol (SCEP) certificate enrollmen
Supported operation is Get.
> **Note**  Please use the ClientCertificateInstall CSP to install SCEP certificates moving forward. All enhancements to SCEP will happen in that CSP.
> [!NOTE]
> Please use the ClientCertificateInstall CSP to install SCEP certificates moving forward. All enhancements to SCEP will happen in that CSP.
@ -119,7 +201,8 @@ Required for SCEP certificate enrollment. Parent node to group SCEP certificate
Supported operations are Add, Replace, and Delete.
> **Note**   Though the children nodes under Install support Replace commands, after the Exec command is sent to the device, the device takes the values that are set when the Exec command is accepted. You should not expect the node value change that occurs after the Exec command is accepted to impact the current undergoing enrollment. You should check the Status node value and make sure that the device is not at an unknown stage before changing the children node values.
> [!NOTE]
> Though the children nodes under Install support Replace commands, after the Exec command is sent to the device, the device takes the values that are set when the Exec command is accepted. You should not expect the node value change that occurs after the Exec command is accepted to impact the current undergoing enrollment. You should check the Status node value and make sure that the device is not at an unknown stage before changing the children node values.
@ -219,7 +302,8 @@ Valid values are one of the following:
- Months
- Years
> **Note**   The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server.
> [!NOTE]
> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server.
@ -228,7 +312,8 @@ Optional. Specifies desired number of units used in validity period and subject
Supported operations are Get, Add, Delete, and Replace.
> **Note**   The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server.
> [!NOTE]
> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server.
@ -285,7 +370,8 @@ Supported operation is Get.
<a href="" id="my-wstep-renew-serverurl"></a>**My/WSTEP/Renew/ServerURL**
Optional. Specifies the URL of certificate renewal server. If this node does not exist, the client uses the initial certificate enrollment URL.
> **Note**  The renewal process follows the same steps as device enrollment, which means that it starts with Discovery service, followed by Enrollment policy service, and then Enrollment web service.
> [!NOTE]
> The renewal process follows the same steps as device enrollment, which means that it starts with Discovery service, followed by Enrollment policy service, and then Enrollment web service.
@ -298,7 +384,8 @@ The default value is 42 and the valid values are 1 1000. Value type is an in
Supported operations are Add, Get, Delete, and Replace.
> **Note**   When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
> [!NOTE]
> When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
@ -313,7 +400,8 @@ The default value is 7 and the valid values are 1 1000 AND =< RenewalPeriod,
Supported operations are Add, Get, Delete, and Replace.
> **Note**   When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
> [!NOTE]
> When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
@ -324,7 +412,8 @@ ROBO is the only supported renewal method for Windows 10. This value is ignored
Supported operations are Add, Get, Delete, and Replace.
> **Note**   When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
> [!NOTE]
> When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.

11
windows/client-management/mdm/cleanpc-csp.md
View File

@ -15,10 +15,13 @@ manager: dansimp
The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703.
The following diagram shows the CleanPC configuration service provider in tree format.
![CleanPC csp diagram](images/provisioning-csp-cleanpc.png)
The following shows the CleanPC configuration service provider in tree format.
```
./Device/Vendor/MSFT
CleanPC
----CleanPCWithoutRetainingUserData
----CleanPCRetainingUserData
```
<a href="" id="--device-vendor-msft-cleanpc"></a>**./Device/Vendor/MSFT/CleanPC**
<p style="margin-left: 20px">The root node for the CleanPC configuration service provider.</p>

49
windows/client-management/mdm/clientcertificateinstall-csp.md
View File

@ -23,10 +23,48 @@ For PFX certificate installation and SCEP installation, the SyncML commands must
You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail.
The following image shows the ClientCertificateInstall configuration service provider in tree format.
![clientcertificateinstall csp](images/provisioning-csp-clientcertificateinstall.png)
The following shows the ClientCertificateInstall configuration service provider in tree format.
```
./Vendor/MSFT
ClientCertificateInstall
----PFXCertInstall
--------UniqueID
------------KeyLocation
------------ContainerName
------------PFXCertBlob
------------PFXCertPassword
------------PFXCertPasswordEncryptionType
------------PFXKeyExportable
------------Thumbprint
------------Status
------------PFXCertPasswordEncryptionStore (Added in Windows 10, version 1511)
----SCEP
--------UniqueID
------------Install
----------------ServerURL
----------------Challenge
----------------EKUMapping
----------------KeyUsage
----------------SubjectName
----------------KeyProtection
----------------RetryDelay
----------------RetryCount
----------------TemplateName
----------------KeyLength
----------------HashAlgorithm
----------------CAThumbprint
----------------SubjectAlternativeNames
----------------ValidPeriod
----------------ValidPeriodUnits
----------------ContainerName
----------------CustomTextToShowInPrompt
----------------Enroll
----------------AADKeyIdentifierList (Added in Windows 10, version 1703)
------------CertThumbprint
------------Status
------------ErrorCode
------------RespondentServerUrl
```
<a href="" id="device-or-user"></a>**Device or User**
For device certificates, use <strong>./Device/Vendor/MSFT</strong> path and for user certificates use <strong>./User/Vendor/MSFT</strong> path.
@ -287,7 +325,8 @@ Valid values are:
- Months
- Years
> **Note**  The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate.
> [!NOTE]
> The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate.
Supported operations are Add, Get, Delete, and Replace.

45
windows/client-management/mdm/cm-proxyentries-csp.md
View File

@ -17,18 +17,49 @@ ms.date: 06/26/2017
The CM\_ProxyEntries configuration service provider is used to configure proxy connections on the mobile device.
> **Note**  CM\_ProxyEntries CSP is only supported in Windows 10 Mobile.
>
>
>
> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
> [!NOTE]
> CM\_ProxyEntries CSP is only supported in Windows 10 Mobile.
> [!IMPORTANT]
> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
The following diagram shows the CM\_ProxyEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP) and OMA Device Management(OMA DM). Support for OMA DM was added in Windows 10, version 1607.
The following shows the CM\_ProxyEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP) and OMA Device Management(OMA DM). Support for OMA DM was added in Windows 10, version 1607.
![cm\-proxyentries csp (cp)](images/provisioning-csp-cm-proxyentries-cp.png)
```
./Vendor/MSFT
CM_ProxyEntries
----Entry
--------ConnectionName
--------BypassLocal
--------Enable
--------Exception
--------Password
--------Port
--------Server
--------Type
--------Username
./Device/Vendor/MSFT
Root
./Vendor/MSFT
./Device/Vendor/MSFT
CM_ProxyEntries
----Entry
--------ConnectionName
--------BypassLocal
--------Enable
--------Exception
--------Password
--------Port
--------Server
--------Type
--------Username
```
<a href="" id="entryname"></a>**entryname**
Defines the name of the connection proxy.

32
windows/client-management/mdm/cmpolicy-csp.md
View File

@ -17,9 +17,8 @@ ms.date: 06/26/2017
The CMPolicy configuration service provider defines rules that the Connection Manager uses to identify the correct connection for a connection request.
> **Note**  
This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
> [!NOTE]
> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicy configuration service provider can have multiple policies
@ -28,10 +27,21 @@ Each policy entry identifies one or more applications in combination with a host
**Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phones default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
The following diagram shows the CMPolicy configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
![cmpolicy csp (dm,cp)](images/provisioning-csp-cmpolicy.png)
The following shows the CMPolicy configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
```
./Vendor/MSFT
CMPolicy
----PolicyName
--------SID
--------ClientType
--------Host
--------OrderedConnections
--------Connections
------------ConnXXX
----------------ConnectionID
----------------Type
```
<a href="" id="policyname"></a>***policyName***
Defines the name of the policy.
@ -64,7 +74,7 @@ Specifies whether the list of connections is in preference order.
A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
<a href="" id="connxxx"></a>**Conn**<strong>*XXX*</strong>
Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits, which increment starting from "000". For example, a policy, which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
<a href="" id="connectionid"></a>**ConnectionID**
Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter.
@ -173,11 +183,11 @@ For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network typ
<td><p>{7CFA04A5-0F3F-445C-88A4-C86ED2AD94EA}</p></td>
</tr>
<tr class="even">
<td><p>Ethernet 10Mbps</p></td>
<td><p>Ethernet 10 Mbps</p></td>
<td><p>{97D3D1B3-854A-4C32-BD1C-C13069078370}</p></td>
</tr>
<tr class="odd">
<td><p>Ethernet 100Mbps</p></td>
<td><p>Ethernet 100 Mbps</p></td>
<td><p>{A8F4FE66-8D04-43F5-9DD2-2A85BD21029B}</p></td>
</tr>
<tr class="even">
@ -486,14 +496,14 @@ Adding a host-based mapping policy:
<td><p>Yes</p></td>
</tr>
<tr class="even">
<td><p>nocharacteristic</p></td>
<td><p>uncharacteristic</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="odd">
<td><p>characteristic-query</p></td>
<td><p>Yes</p>
<p>Recursive query: Yes</p>
<p>Top level query: Yes</p></td>
<p>Top-level query: Yes</p></td>
</tr>
</tbody>
</table>

22
windows/client-management/mdm/cmpolicyenterprise-csp.md
View File

@ -17,8 +17,8 @@ ms.date: 06/26/2017
The CMPolicyEnterprise configuration service provider is used by the enterprise to define rules that the Connection Manager uses to identify the correct connection for a connection request.
> **Note**  
This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
> [!NOTE]
> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
@ -28,10 +28,20 @@ Each policy entry identifies one or more applications in combination with a host
**Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phones default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
The following diagram shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
![cmpolicy csp (dm,cp)](images/provisioning-csp-cmpolicyenterprise.png)
The following shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
```
./Vendor/MSFT
CMPolicy
----PolicyName
--------SID
--------ClientType
--------Host
--------OrderedConnections
--------Connections
------------ConnXXX
----------------ConnectionID
----------------Type
```
<a href="" id="policyname"></a>***policyName***
Defines the name of the policy.

13
windows/client-management/mdm/customdeviceui-csp.md
View File

@ -15,11 +15,18 @@ ms.date: 06/26/2017
# CustomDeviceUI CSP
The CustomDeviceUI configuration service provider allows OEMs to implement their custom foreground application, as well as the background tasks to run on an IoT device running IoT Core. Only one foreground application is supported per device. Multiple background tasks are supported.
The following diagram shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
The following shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
> **Note**  This configuration service provider only applies to Windows 10 IoT Core (IoT Core).
> [!NOTE]
> This configuration service provider only applies to Windows 10 IoT Core (IoT Core).
![customdeviceui csp](images/provisioning-csp-customdeviceui.png)
```
./Vendor/MSFT
CustomDeviceUI
----StartupAppID
----BackgroundTasksToLaunch
--------BackgroundTaskPackageName
```
<a href="" id="./Vendor/MSFT/CustomDeviceUI"></a>**./Vendor/MSFT/CustomDeviceUI**
The root node for the CustomDeviceUI configuration service provider. The supported operation is Get.

87
windows/client-management/mdm/defender-csp.md
View File

@ -20,10 +20,49 @@ ms.date: 08/11/2020
The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
The following image shows the Windows Defender configuration service provider in tree format.
![defender csp diagram](images/provisioning-csp-defender.png)
The following shows the Windows Defender configuration service provider in tree format.
```
./Vendor/MSFT
Defender
----Detections
--------ThreatId
------------Name
------------URL
------------Severity
------------Category
------------CurrentStatus
------------ExecutionStatus
------------InitialDetectionTime
------------LastThreatStatusChangeTime
------------NumberOfDetections
----Health
--------ProductStatus (Added in Windows 10 version 1809)
--------ComputerState
--------DefenderEnabled
--------RtpEnabled
--------NisEnabled
--------QuickScanOverdue
--------FullScanOverdue
--------SignatureOutOfDate
--------RebootRequired
--------FullScanRequired
--------EngineVersion
--------SignatureVersion
--------DefenderVersion
--------QuickScanTime
--------FullScanTime
--------QuickScanSigVersion
--------FullScanSigVersion
--------TamperProtectionEnabled (Added in Windows 10, version 1903)
--------IsVirtualMachine (Added in Windows 10, version 1903)
----Configuration (Added in Windows 10, version 1903)
--------TamperProetection (Added in Windows 10, version 1903)
--------EnableFileHashcomputation (Added in Windows 10, version 1903)
--------SupportLogLocation (Added in the next major release of Windows 10)
----Scan
----UpdateSignature
----OfflineScan (Added in Windows 10 version 1803)
```
<a href="" id="detections"></a>**Detections**
An interior node to group all threats detected by Windows Defender.
@ -410,6 +449,46 @@ Valid values are:
- 1 Enable.
- 0 (default) Disable.
<a href="" id="configuration-disablecputhrottleonidlescans"></a>**Configuration/DisableCpuThrottleOnIdleScans**<br>
Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and will not throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans this flag will have no impact and normal throttling will occur.
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid values are:
- 1 Enable.
- 0 (default) Disable.
<a href="" id="configuration-meteredconnectionupdates"></a>**Configuration/MeteredConnectionUpdates**<br>
Allow managed devices to update through metered connections. Data charges may apply.
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid values are:
- 1 Enable.
- 0 (default) Disable.
<a href="" id="configuration-allownetworkprotectiononwinserver"></a>**Configuration/AllowNetworkProtectionOnWinServer**<br>
This settings controls whether Network Protection is allowed to be configured into block or audit mode on Windows Server. If false, the value of EnableNetworkProtection will be ignored.
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid values are:
- 1 Enable.
- 0 (default) Disable.
<a href="" id="configuration-exclusionipaddress"></a>**Configuration/ExclusionIpAddress**<br>
Allows an administrator to explicitly disable network packet inspection made by wdnisdrv on a particular set of IP addresses.
The data type is string.
Supported operations are Add, Delete, Get, Replace.
<a href="" id="configuration-enablefilehashcomputation"></a>**Configuration/EnableFileHashComputation**
Enables or disables file hash computation feature.
When this feature is enabled Windows defender will compute hashes for files it scans.

50
windows/client-management/mdm/devdetail-csp.md
View File

@ -21,10 +21,43 @@ The DevDetail configuration service provider handles the management object which
For the DevDetail CSP, you cannot use the Replace command unless the node already exists.
The following diagram shows the DevDetail configuration service provider management object in tree format as used by OMA Device Management. The OMA Client Provisioning protocol is not supported for this configuration service provider.
![devdetail csp (dm)](images/provisioning-csp-devdetail-dm.png)
The following shows the DevDetail configuration service provider management object in tree format as used by OMA Device Management. The OMA Client Provisioning protocol is not supported for this configuration service provider.
```
.
DevDetail
----URI
--------MaxDepth
--------MaxTotLen
--------MaxSegLen
----DevTyp
----OEM
----FwV
----SwV
----HwV
----LrgObj
----Ext
--------Microsoft
------------MobileID
------------RadioSwV
------------Resolution
------------CommercializationOperator
------------ProcessorArchitecture
------------ProcessorType
------------OSPlatform
------------LocalTime
------------DeviceName
------------DNSComputerName (Added in Windows 10, version 2004)
------------TotalStorage
------------TotalRAM
------------SMBIOSSerialNumber (Added in Windows 10, version 1809)
--------WLANMACAddress
--------VoLTEServiceSetting
--------WlanIPv4Address
--------WlanIPv6Address
--------WlanDnsSuffix
--------WlanSubnetMask
--------DeviceHardwareData (Added in Windows 10, version 1703)
```
<a href="" id="devtyp"></a>**DevTyp**
Required. Returns the device model name /SystemProductName as a string.
@ -143,8 +176,10 @@ The following are the available naming macros:
Value type is string. Supported operations are Get and Replace.
> [!Note]
> On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer&quot;s` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
> [!NOTE]
> We recommend using `%SERIAL%` or `%RAND:x%` with a high character limit to reduce the chance of name collision when generating a random name. This feature doesn't check if a particular name is already present in the environment.
On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
<a href="" id="ext-microsoft-totalstorage"></a>**Ext/Microsoft/TotalStorage**
Added in Windows 10, version 1511. Integer that specifies the total available storage in MB from first internal drive on the device (may be less than total physical storage).
@ -215,6 +250,3 @@ Supported operation is Get.

19
windows/client-management/mdm/developersetup-csp.md
View File

@ -19,10 +19,21 @@ The DeveloperSetup configuration service provider (CSP) is used to configure Dev
> [!NOTE]
> The DeveloperSetup configuration service provider (CSP) is only supported in Windows 10 Holographic Enterprise edition and with runtime provisioning via provisioning packages. It is not supported in MDM.
The following diagram shows the DeveloperSetup configuration service provider in tree format.
![developersetup csp diagram](images/provisioning-csp-developersetup.png)
The following shows the DeveloperSetup configuration service provider in tree format.
```
./Device/Vendor/MSFT
DeveloperSetup
----EnableDeveloperMode
----DevicePortal
--------Authentication
------------Mode
------------BasicAuth
----------------Username
----------------Password
--------Connection
------------HttpPort
------------HttpsPort
```
<a href="" id="developersetup"></a>**DeveloperSetup**
<p style="margin-left: 20px">The root node for the DeveloperSetup configuration service provider.

21
windows/client-management/mdm/devicemanageability-csp.md
View File

@ -1,6 +1,6 @@
---
title: DeviceManageability CSP
description: The DeviceManageability configuration service provider (CSP) is used retrieve general information about MDM configuration capabilities on the device.
description: The DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device.
ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2
ms.reviewer:
manager: dansimp
@ -15,14 +15,21 @@ ms.date: 11/01/2017
# DeviceManageability CSP
The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
The DeviceManageability configuration service provider (CSP) is used to retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
For performance reasons DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information.
The following diagram shows the DeviceManageability configuration service provider in a tree format.
![devicemanageability csp diagram](images/provisioning-csp-devicemanageability.png)
For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information.
The following shows the DeviceManageability configuration service provider in a tree format.
```
./Device/Vendor/MSFT
DeviceManageability
----Capabilities
--------CSPVersions
----Provider (Added in Windows 10, version 1709)
--------ProviderID (Added in Windows 10, version 1709)
------------ConfigInfo (Added in Windows 10, version 1709)
------------EnrollmentInfo (Added in Windows 10, version 1709)
```
<a href="" id="--device-vendor-msft-devicemanageability"></a>**./Device/Vendor/MSFT/DeviceManageability**
Root node to group information about runtime MDM configuration capability on the target device.

50
windows/client-management/mdm/devicestatus-csp.md
View File

@ -17,10 +17,52 @@ ms.date: 04/30/2019
The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies.
The following image shows the DeviceStatus configuration service provider in tree format.
![devicestatus csp](images/provisioning-csp-devicestatus.png)
The following shows the DeviceStatus configuration service provider in tree format.
```
./Vendor/MSFT
DeviceStatus
----SecureBootState
----CellularIdentities
--------IMEI
------------IMSI
------------ICCID
------------PhoneNumber
------------CommercializationOperator
------------RoamingStatus
------------RoamingCompliance
----NetworkIdentifiers
--------MacAddress
------------IPAddressV4
------------IPAddressV6
------------IsConnected
------------Type
----Compliance
--------EncryptionCompliance
----TPM
--------SpecificationVersion
----OS
--------Edition
--------Mode
----Antivirus
--------SignatureStatus
--------Status
----Antispyware
--------SignatureStatus
--------Status
----Firewall
--------Status
----UAC
--------Status
----Battery
--------Status
--------EstimatedChargeRemaining
--------EstimatedRuntime
----DomainName
----DeviceGuard
--------VirtualizationBasedSecurityHwReq
--------VirtualizationBasedSecurityStatus
--------LsaCfgCredGuardStatus
```
<a href="" id="devicestatus"></a>**DeviceStatus**
The root node for the DeviceStatus configuration service provider.

17
windows/client-management/mdm/devinfo-csp.md
View File

@ -17,16 +17,23 @@ ms.date: 06/26/2017
The DevInfo configuration service provider handles the managed object which provides device information to the OMA DM server. This device information is automatically sent to the OMA DM server at the beginning of each OMA DM session.
> **Note**  This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application.
> [!NOTE]
> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application.
 
For the DevInfo CSP, you cannot use the Replace command unless the node already exists.
The following diagram shows the DevInfo configuration service provider management object in tree format as used by OMA Device Management. The OMA Client provisioning protocol is not supported by this configuration service provider.
![devinfo csp (dm)](images/provisioning-csp-devinfo-dm.png)
The following shows the DevInfo configuration service provider management object in tree format as used by OMA Device Management. The OMA Client provisioning protocol is not supported by this configuration service provider.
```
.
DevInfo
----DevId
----Man
----Mod
----DmV
----Lang
```
<a href="" id="devid"></a>**DevId**
Required. Returns an application-specific global unique device identifier by default.

40
windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
View File

@ -23,10 +23,10 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
![Access work or school page in Settings](images/diagnose-mdm-failures15.png)
1. At the bottom of the **Settings** page, click **Create report**.
![Access work or school page in Settings](images/diagnose-mdm-failures16.png)
![Access work or school page and then Create report](images/diagnose-mdm-failures16.png)
1. A window opens that shows the path to the log files. Click **Export**.
![Access work or school page in Settings](images/diagnose-mdm-failures17.png)
![Access work or school log files](images/diagnose-mdm-failures17.png)
1. In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
@ -112,8 +112,8 @@ Example: Export the Debug logs
</SyncML>
```
## Collect logs from Windows 10 Mobile devices
<!--## Collect logs from Windows 10 Mobile devices-->
<!--
Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medic](https://www.microsoft.com/p/field-medic/9wzdncrfjb82?activetab=pivot%3aoverviewtab) app to collect logs.
**To collect logs manually**
@ -121,28 +121,28 @@ Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medi
1. Download and install the [Field Medic]( https://go.microsoft.com/fwlink/p/?LinkId=718232) app from the store.
2. Open the Field Medic app and then click on **Advanced**.
![field medic screenshot](images/diagnose-mdm-failures2.png)
![field medic screenshot 2](images/diagnose-mdm-failures2.png)
3. Click on **Choose with ETW provider to use**.
![field medic screenshot](images/diagnose-mdm-failures3.png)
![field medic screenshot 3](images/diagnose-mdm-failures3.png)
4. Check **Enterprise** and un-check the rest.
![field medic screenshot](images/diagnose-mdm-failures4.png)
![field medic screenshot 4](images/diagnose-mdm-failures4.png)
5. In the app, click on **Start Logging** and then perform the operation that you want to troubleshoot.
![field medic screenshot](images/diagnose-mdm-failures2.png)
![field medic screenshot 5](images/diagnose-mdm-failures2.png)
6. When the operation is done, click on **Stop Logging**.
![field medic screenshot](images/diagnose-mdm-failures5.png)
![field medic screenshot 6](images/diagnose-mdm-failures5.png)
7. Save the logs. They will be stored in the Field Medic log location on the device.
8. You can send the logs via email by attaching the files from **Documents > Field Medic > Reports > ...** folder.
![device documents folder](images/diagnose-mdm-failures6.png)![device folder screenshot](images/diagnose-mdm-failures7.png)![device folder screenshot](images/diagnose-mdm-failures8.png)
![device documents folder](images/diagnose-mdm-failures6.png)![device folder screenshot 7](images/diagnose-mdm-failures7.png)![device folder screenshot 8](images/diagnose-mdm-failures8.png)
The following table contains a list of common providers and their corresponding GUIDs.
@ -182,11 +182,11 @@ The following table contains a list of common providers and their corresponding
| e5fc4a0f-7198-492f-9b0f-88fdcbfded48 | Microsoft-Windows Networking VPN |
| e5c16d49-2464-4382-bb20-97a4b5465db9 | Microsoft-Windows-WiFiNetworkManager |
 
 -->
## Collect logs remotely from Windows 10 Holographic or Windows 10 Mobile devices
## Collect logs remotely from Windows 10 Holographic
For holographic or mobile devices already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md).
For holographic already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md).
You can use the DiagnosticLog CSP to enable the ETW provider. The provider ID is 3DA494E4-0FE2-415C-B895-FB5265C5C83B. The following examples show how to enable the ETW provider:
@ -294,21 +294,21 @@ For best results, ensure that the PC or VM on which you are viewing logs matches
3. Navigate to the etl file that you got from the device and then open the file.
4. Click **Yes** when prompted to save it to the new log format.
![prompt](images/diagnose-mdm-failures10.png)
![event viewer prompt](images/diagnose-mdm-failures10.png)
![diagnose mdm failures](images/diagnose-mdm-failures11.png)
5. The new view contains traces from the channel. Click on **Filter Current Log** from the **Actions** menu.
![event viewer](images/diagnose-mdm-failures12.png)
![event viewer actions](images/diagnose-mdm-failures12.png)
6. Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and click **OK**.
![event filter](images/diagnose-mdm-failures13.png)
![event filter for Device Management](images/diagnose-mdm-failures13.png)
7. Now you are ready to start reviewing the logs.
![event viewer](images/diagnose-mdm-failures14.png)
![event viewer review logs](images/diagnose-mdm-failures14.png)
## Collect device state data
@ -336,9 +336,3 @@ Here's an example of how to collect current MDM device state data using the [Dia
```
 

36
windows/client-management/mdm/diagnosticlog-csp.md
View File

@ -26,9 +26,39 @@ The following are the links to different versions of the DiagnosticLog CSP DDF f
- [DiagnosticLog CSP version 1.2](diagnosticlog-ddf.md#version-1-2)
The following diagram shows the DiagnosticLog CSP in tree format.
![diagnosticlog csp diagram](images/provisioning-csp-diagnosticlog.png)
The following shows the DiagnosticLog CSP in tree format.
```
./Vendor/MSFT
DiagnosticLog
----EtwLog
--------Collectors
------------CollectorName
----------------TraceStatus
----------------TraceLogFileMode
----------------TraceControl
----------------LogFileSizeLimitMB
----------------Providers
--------------------ProviderGuid
------------------------Keywords
------------------------TraceLevel
------------------------State
--------Channels
------------ChannelName
----------------Export
----------------State
----------------Filter
----DeviceStateData
--------MdmConfiguration
----FileDownload
--------DMChannel
------------FileContext
----------------BlockSizeKB
----------------BlockCount
----------------BlockIndexToRead
----------------BlockData
----------------DataBlocks
--------------------BlockNumber
```
<a href="" id="--vendor-msft-diagnosticlog"></a>**./Vendor/MSFT/DiagnosticLog**
The root node for the DiagnosticLog CSP.

42
windows/client-management/mdm/dmacc-csp.md
View File

@ -23,10 +23,46 @@ The DMAcc configuration service provider allows an OMA Device Management (DM) ve
For the DMAcc CSP, you cannot use the Replace command unless the node already exists.
The following diagram shows the DMAcc configuration service provider management object in tree format as used by OMA Device Management version 1.2. The OMA Client Provisioning protocol is not supported by this configuration service provider.
![dmacc csp (dm)](images/provisioning-csp-dmacc-dm.png)
The following shows the DMAcc configuration service provider management object in tree format as used by OMA Device Management version 1.2. The OMA Client Provisioning protocol is not supported by this configuration service provider.
```
./SyncML
DMAcc
----*
--------AppID
--------ServerID
--------Name
--------PrefConRef
--------AppAddr
------------*
----------------Addr
----------------AddrType
----------------Port
--------------------*
------------------------PortNbr
--------AAuthPref
--------AppAuth
------------*
----------------AAuthLevel
----------------AAuthType
----------------AAuthName
----------------AAuthSecret
----------------AAuthData
--------Ext
------------Microsoft
----------------Role
----------------ProtoVer
----------------DefaultEncoding
----------------UseHwDevID
----------------ConnRetryFreq
----------------InitialBackOffTime
----------------MaxBackOffTime
----------------BackCompatRetryDisabled
----------------UseNonceResync
----------------CRLCheck
----------------DisableOnRoaming
----------------SSLCLIENTCERTSEARCHCRITERIA
```
<a href="" id="dmacc"></a>**DMAcc**
Required. Defines the root node of all OMA DM server accounts that use the OMA DM version 1.2 protocol.

49
windows/client-management/mdm/dmclient-csp.md
View File

@ -17,11 +17,50 @@ ms.date: 11/01/2017
The DMClient configuration service provider (CSP) is used to specify additional enterprise-specific mobile device management (MDM) configuration settings for identifying the device in the enterprise domain, for security mitigation for certificate renewal, and for server-triggered enterprise unenrollment.
The following diagram shows the DMClient CSP in tree format.
![dmclient csp](images/provisioning-csp-dmclient-th2.png)
The following shows the DMClient CSP in tree format.
```
./Vendor/MSFT
DMClient
----Provider
--------
------------EntDeviceName
------------ExchangeID
------------EntDMID
------------SignedEntDMID
------------CertRenewTimeStamp
------------PublisherDeviceID
------------ManagementServiceAddress
------------UPN
------------HelpPhoneNumber
------------HelpWebsite
------------HelpEmailAddress
------------RequireMessageSigning
------------SyncApplicationVersion
------------MaxSyncApplicationVersion
------------Unenroll
------------AADResourceID
------------AADDeviceID
------------EnrollmentType
------------EnableOmaDmKeepAliveMessage
------------HWDevID
------------ManagementServerAddressList
------------CommercialID
------------Push
----------------PFN
----------------ChannelURI
----------------Status
------------Poll
----------------IntervalForFirstSetOfRetries
----------------NumberOfFirstRetries
----------------IntervalForSecondSetOfRetries
----------------NumberOfSecondRetries
----------------IntervalForRemainingScheduledRetries
----------------NumberOfRemainingScheduledRetries
----------------PollOnLogin
----------------AllUsersPollOnFirstLogin
----Unenroll
----UpdateManagementServiceAddress
```
<a href="" id="msft"></a>**./Vendor/MSFT**
All the nodes in this CSP are supported in the device context, except for the **ExchangeID** node, which is supported in the user context. For the device context, use the **./Device/Vendor/MSFT** path and for the user context, use the **./User/Vendor/MSFT** path.

53
windows/client-management/mdm/dmsessionactions-csp.md
View File

@ -1,6 +1,6 @@
---
title: DMSessionActions CSP
description: Learn how the DMSessionActions configuration service provider (CSP) is used to manage the number of sessions the client skips if the device is in a low power state.
description: Learn how the DMSessionActions configuration service provider (CSP) is used to manage the number of sessions the client skips if the device is in a low-power state.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@ -16,20 +16,57 @@ manager: dansimp
The DMSessionActions configuration service provider (CSP) is used to manage:
- the number of sessions the client skips if the device is in a low power state
- the number of sessions the client skips if the device is in a low-power state
- which CSP nodes should send an alert back to the server if there were any changes.
This CSP was added in Windows 10, version 1703.
The following diagram shows the DMSessionActions configuration service provider in tree format.
The following shows the DMSessionActions configuration service provider in tree format.
```
./User/Vendor/MSFT
DMSessionActions
----ProviderID
--------CheckinAlertConfiguration
------------Nodes
----------------NodeID
--------------------NodeURI
--------AlertData
--------PowerSettings
------------MaxSkippedSessionsInLowPowerState
------------MaxTimeSessionsSkippedInLowPowerState
![dmsessionactions csp](images/provisioning-csp-dmsessionactions.png)
./Device/Vendor/MSFT
DMSessionActions
----ProviderID
--------CheckinAlertConfiguration
------------Nodes
----------------NodeID
--------------------NodeURI
--------AlertData
--------PowerSettings
------------MaxSkippedSessionsInLowPowerState
------------MaxTimeSessionsSkippedInLowPowerState
./User/Vendor/MSFT
./Device/Vendor/MSFT
DMSessionActions
----ProviderID
--------CheckinAlertConfiguration
------------Nodes
----------------NodeID
--------------------NodeURI
--------AlertData
--------PowerSettings
------------MaxSkippedSessionsInLowPowerState
------------MaxTimeSessionsSkippedInLowPowerState
```
<a href="" id="vendor-msft-dmsessionactions"></a>**./Device/Vendor/MSFT/DMSessionActions or ./User/Vendor/MSFT/DMSessionActions**
<p style="margin-left: 20px">Defines the root node for the DMSessionActions configuration service provider.</p>
<a href="" id="providerid"></a>***ProviderID***
<p style="margin-left: 20px">Group settings per device management (DM) server. Each group of settings is distinguished by the Provider ID of the server. It must be the same DM server Provider ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. Only one enterprise management server is supported, which means that there should be only one ProviderID node under NodeCache. </p>
<p style="margin-left: 20px">Group settings per device management (DM) server. Each group of settings is distinguished by the Provider ID of the server. It must be the same DM server Provider ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. Only one enterprise management server is supported, which means there should be only one ProviderID node under NodeCache. </p>
<p style="margin-left: 20px">Scope is dynamic. Supported operations are Get, Add, and Delete.</p>
@ -55,12 +92,12 @@ The following diagram shows the DMSessionActions configuration service provider
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
<a href="" id="powersettings"></a>**PowerSettings**
<p style="margin-left: 20px">Node for power related configrations</p>
<p style="margin-left: 20px">Node for power-related configrations</p>
<a href="" id="maxskippedsessionsinlowpowerstate"></a>**PowerSettings/MaxSkippedSessionsInLowPowerState**
<p style="margin-left: 20px">Maximum number of continuous skipped sync sessions when the device is in low power state.</p>
<p style="margin-left: 20px">Maximum number of continuous skipped sync sessions when the device is in low-power state.</p>
<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace, and Delete.</p>
<a href="" id="maxtimesessionsskippedinlowpowerstate"></a>**PowerSettings/MaxTimeSessionsSkippedInLowPowerState**
<p style="margin-left: 20px">Maximum time in minutes when the device can skip the check-in with the server if the device is in low power state. </p>
<p style="margin-left: 20px">Maximum time in minutes when the device can skip the check-in with the server if the device is in low-power state. </p>
<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace, and Delete.</p>

29
windows/client-management/mdm/dynamicmanagement-csp.md
View File

@ -17,10 +17,21 @@ Windows 10 allows you to manage devices differently depending on location, netwo
This CSP was added in Windows 10, version 1703.
The following diagram shows the DynamicManagement configuration service provider in tree format.
![dynamicmanagement csp](images/provisioning-csp-dynamicmanagement.png)
The following shows the DynamicManagement configuration service provider in tree format.
```
./Device/Vendor/MSFT
DynamicManagement
----NotificationsEnabled
----ActiveList
----Contexts
--------ContextID
------------SignalDefinition
------------SettingsPack
------------SettingsPackResponse
------------ContextStatus
------------Altitude
----AlertsEnabled
```
<a href="" id="dynamicmanagement"></a>**DynamicManagement**
<p style="margin-left: 20px">The root node for the DynamicManagement configuration service provider.</p>
@ -53,7 +64,7 @@ The following diagram shows the DynamicManagement configuration service provider
<p style="margin-left: 20px">Supported operation is Get.</p>
<a href="" id="contextid"></a>***ContextID***
<p style="margin-left: 20px">Node created by the server to define a context. Maximum amount of characters allowed is 38.</p>
<p style="margin-left: 20px">Node created by the server to define a context. Maximum number of characters allowed is 38.</p>
<p style="margin-left: 20px">Supported operations are Add, Get, and Delete.</p>
<a href="" id="signaldefinition"></a>**SignalDefinition**
@ -65,15 +76,15 @@ The following diagram shows the DynamicManagement configuration service provider
<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Delete, and Replace.</p>
<a href="" id="settingspackresponse"></a>**SettingsPackResponse**
<p style="margin-left: 20px">Response from applying a Settings Pack that contains information on each individual action..</p>
<p style="margin-left: 20px">Response from applying a Settings Pack that contains information on each individual action.</p>
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
<a href="" id="contextstatus"></a>**ContextStatus**
<p style="margin-left: 20px">Reports status of the context. If there was a failure, SettingsPackResponse should be checked for what exactly failed..</p>
<p style="margin-left: 20px">Reports status of the context. If there was a failure, SettingsPackResponse should be checked for what exactly failed.</p>
<p style="margin-left: 20px">Value type is integer. Supported operation is Get.</p>
<a href="" id="altitude"></a>**Altitude**
<p style="margin-left: 20px">A value that determines how to handle conflict resolution of applying multiple contexts on the device. This is required and must be distinct of other priorities..</p>
<p style="margin-left: 20px">A value that determines how to handle conflict resolution of applying multiple contexts on the device. This is required and must be distinct of other priorities.</p>
<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Delete, and Replace.</p>
<a href="" id="alertsenabled"></a>**AlertsEnabled**
@ -82,7 +93,7 @@ The following diagram shows the DynamicManagement configuration service provider
## Examples
Disable Cortana based on Geo location and time, From 9am-5pm, when in the 100 meters radius of the specified latitude/longitude
Disable Cortana based on Geo location and time, From 9am-5pm, when in the 100-meters radius of the specified latitude/longitude
```xml
<Replace>

42
windows/client-management/mdm/email2-csp.md
View File

@ -22,10 +22,44 @@ On the desktop, only per user configuration is supported.
 
The following diagram shows the EMAIL2 configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning.
![email2 csp (dm,cp)](images/provisioning-csp-email2.png)
The following shows the EMAIL2 configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning.
```
./Vendor/MSFT
EMAIL2
----Account GUID
--------ACCOUNTICON
--------ACCOUNTTYPE
--------AUTHNAME
--------AUTHREQUIRED
--------AUTHSECRET
--------DOMAIN
--------DWNDAY
--------INSERVER
--------LINGER
--------KEEPMAX
--------NAME
--------OUTSERVER
--------REPLYADDR
--------SERVICENAME
--------SERVICETYPE
--------RETRIEVE
--------SERVERDELETEACTION
--------CELLULARONLY
--------SYNCINGCONTENTTYPES
--------CONTACTSSERVER
--------CALENDARSERVER
--------CONTACTSSERVERREQUIRESSL
--------CALENDARSERVERREQUIRESSL
--------CONTACTSSYNCSCHEDULE
--------CALENDARSYNCSCHEDULE
--------SMTPALTAUTHNAME
--------SMTPALTDOMAIN
--------SMTPALTENABLED
--------SMTPALTPASSWORD
--------TAGPROPS
------------8128000B
------------812C000B
```
In Windows 10 Mobile, after the users out of box experience, an OEM or mobile operator can use the EMAIL2 configuration service provider to provision the device with a mobile operators proprietary mail over the air. After provisioning, the **Start** screen has a tile for the proprietary mail provider and there is also a link to it in the applications list under **Settings, email & accounts**. After an account has been updated over-the-air by the EMAIL2 CSP, the device must be powered off and then powered back on to see the sync status.
Configuration data is not encrypted when sent over the air (OTA). Be aware that this is a potential security risk when sending sensitive configuration data, such as passwords.

66
windows/client-management/mdm/enrollmentstatustracking-csp.md
View File

@ -18,10 +18,72 @@ ESP uses the EnrollmentStatusTracking CSP along with the DMClient CSP to track t
The EnrollmentStatusTracking CSP was added in Windows 10, version 1903.
The following diagram shows the EnrollmentStatusTracking CSP in tree format.
The following shows the EnrollmentStatusTracking CSP in tree format.
```
./User/Vendor/MSFT
EnrollmentStatusTracking
----Setup
--------Apps
------------PolicyProviders
----------------ProviderName
--------------------TrackingPoliciesCreated
------------Tracking
----------------ProviderName
--------------------AppName
------------------------TrackingUri
------------------------InstallationState
------------------------RebootRequired
--------HasProvisioningCompleted
![tree diagram for enrollmentstatustracking csp](images/provisioning-csp-enrollmentstatustracking.png)
./Device/Vendor/MSFT
EnrollmentStatusTracking
----DevicePreparation
--------PolicyProviders
------------ProviderName
----------------InstallationState
----------------LastError
----------------Timeout
----------------TrackedResourceTypes
--------------------Apps
----Setup
--------Apps
------------PolicyProviders
----------------ProviderName
--------------------TrackingPoliciesCreated
------------Tracking
----------------ProviderName
--------------------AppName
------------------------TrackingUri
------------------------InstallationState
------------------------RebootRequired
--------HasProvisioningCompleted
./User/Vendor/MSFT
./Device/Vendor/MSFT
EnrollmentStatusTracking
----DevicePreparation
--------PolicyProviders
------------ProviderName
----------------InstallationState
----------------LastError
----------------Timeout
----------------TrackedResourceTypes
--------------------Apps
----Setup
--------Apps
------------PolicyProviders
----------------ProviderName
--------------------TrackingPoliciesCreated
------------Tracking
----------------ProviderName
--------------------AppName
------------------------TrackingUri
------------------------InstallationState
------------------------RebootRequired
--------HasProvisioningCompleted
```
<a href="" id="vendor-msft"></a>**./Vendor/MSFT**
For device context, use **./Device/Vendor/MSFT** path and for user context, use **./User/Vendor/MSFT** path.

23
windows/client-management/mdm/enterpriseapn-csp.md
View File

@ -19,10 +19,25 @@ The EnterpriseAPN configuration service provider (CSP) is used by the enterprise
> [!Note]
> Starting in Windows 10, version 1703 the EnterpriseAPN CSP is supported in Windows 10 Home, Pro, Enterprise, and Education editions.
The following image shows the EnterpriseAPN configuration service provider in tree format.
![enterpriseapn csp](images/provisioning-csp-enterpriseapn-rs1.png)
The following shows the EnterpriseAPN configuration service provider in tree format.
```
./Vendor/MSFT
EnterpriseAPN
----ConnectionName
--------APNName
--------IPType
--------IsAttachAPN
--------ClassId
--------AuthType
--------UserName
--------Password
--------IccId
--------AlwaysOn
--------Enabled
----Settings
--------AllowUserControl
--------HideView
```
<a href="" id="enterpriseapn"></a>**EnterpriseAPN**
<p style="margin-left: 20px">The root node for the EnterpriseAPN configuration service provider.</p>

33
windows/client-management/mdm/enterpriseappvmanagement-csp.md
View File

@ -15,10 +15,35 @@ manager: dansimp
The EnterpriseAppVManagement configuration service provider (CSP) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions). This CSP was added in Windows 10, version 1703.
The following diagram shows the EnterpriseAppVManagement configuration service provider in tree format.
![enterpriseappvmanagement csp](images/provisioning-csp-enterpriseappvmanagement.png)
The following shows the EnterpriseAppVManagement configuration service provider in tree format.
```
./Vendor/MSFT
EnterpriseAppVManagement
----AppVPackageManagement
--------EnterpriseID
------------PackageFamilyName
----------------PackageFullName
--------------------Name
--------------------Version
--------------------Publisher
--------------------InstallLocation
--------------------InstallDate
--------------------Users
--------------------AppVPackageId
--------------------AppVVersionId
--------------------AppVPackageUri
----AppVPublishing
--------LastSync
------------LastError
------------LastErrorDescription
------------SyncStatusDescription
------------SyncProgress
--------Sync
------------PublishXML
----AppVDynamicPolicy
--------ConfigurationId
------------Policy
```
**./Vendor/MSFT/EnterpriseAppVManagement**
<p style="margin-left: 20px">Root node for the EnterpriseAppVManagement configuration service provider.</p>

21
windows/client-management/mdm/enterpriseassignedaccess-csp.md
View File

@ -22,10 +22,23 @@ The EnterpriseAssignedAccess configuration service provider allows IT administra
To use an app to create a lockdown XML see [Use the Lockdown Designer app to create a Lockdown XML file](https://docs.microsoft.com/windows/configuration/mobile-devices/mobile-lockdown-designer). For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](https://msdn.microsoft.com/library/windows/hardware/mt186983).
The following diagram shows the EnterpriseAssignedAccess configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
![enterpriseassignedaccess csp](images/provisioning-csp-enterpriseassignedaccess.png)
The following shows the EnterpriseAssignedAccess configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
```
./Vendor/MSFT
EnterpriseAssignedAccess
----AssignedAccess
--------AssignedAccessXml
----LockScreenWallpaper
--------BGFileName
----Theme
--------ThemeBackground
--------ThemeAccentColorID
--------ThemeAccentColorValue
----Clock
--------TimeZone
----Locale
--------Language
```
The following list shows the characteristics and parameters.
<a href="" id="-vendor-msft-enterpriseassignedaccess-"></a>**./Vendor/MSFT/EnterpriseAssignedAccess/**

20
windows/client-management/mdm/enterprisedataprotection-csp.md
View File

@ -29,10 +29,22 @@ To learn more about WIP, see the following articles:
- [Create a Windows Information Protection (WIP) policy](https://technet.microsoft.com/itpro/windows/keep-secure/overview-create-wip-policy)
- [General guidance and best practices for Windows Information Protection (WIP)](https://technet.microsoft.com/itpro/windows/keep-secure/guidance-and-best-practices-wip)
The following diagram shows the EnterpriseDataProtection CSP in tree format.
![enterprisedataprotection csp diagram](images/provisioning-csp-enterprisedataprotection.png)
The following shows the EnterpriseDataProtection CSP in tree format.
```
./Device/Vendor/MSFT
EnterpriseDataProtection
----Settings
--------EDPEnforcementLevel
--------EnterpriseProtectedDomainNames
--------AllowUserDecryption
--------RequireProtectionUnderLockConfig
--------DataRecoveryCertificate
--------RevokeOnUnenroll
--------RMSTemplateIDForEDP
--------AllowAzureRMSForEDP
--------EDPShowIcons
----Status
```
<a href="" id="--device-vendor-msft-enterprisedataprotection"></a>**./Device/Vendor/MSFT/EnterpriseDataProtection**
The root node for the CSP.

22
windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
View File

@ -19,10 +19,24 @@ The EnterpriseDesktopAppManagement configuration service provider is used to han
Application installations can take some time to complete, hence they are done asynchronously. When the Exec command is completed, the client can send a generic alert to the management server with a status, whether it's a failure or success. For a SyncML example, see [Alert example](#alert-example).
The following diagram shows the EnterpriseDesktopAppManagement CSP in tree format.
![enterprisedesktopappmanagement csp](images/provisioning-csp-enterprisedesktopappmanagement.png)
The following shows the EnterpriseDesktopAppManagement CSP in tree format.
```
./Device/Vendor/MSFT
EnterpriseDesktopAppManagement
----MSI
--------ProductID
------------Version
------------Name
------------Publisher
------------InstallPath
------------InstallDate
------------DownloadInstall
------------Status
------------LastError
------------LastErrorDesc
--------UpgradeCode
------------Guid
```
<a href="" id="--vendor-msft-enterprisedesktopappmanagement"></a>**./Device/Vendor/MSFT/EnterpriseDesktopAppManagement**
The root node for the EnterpriseDesktopAppManagement configuration service provider.

21
windows/client-management/mdm/enterpriseext-csp.md
View File

@ -21,10 +21,23 @@ The EnterpriseExt configuration service provider allows OEMs to set their own un
 
The following diagram shows the EnterpriseExt configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
![enterpriseext csp](images/provisioning-csp-enterpriseext.png)
The following shows the EnterpriseExt configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
```
./Vendor/MSFT
EnterpriseExt
----DeviceCustomData
--------CustomID
--------CustomString
----Brightness
--------Default
--------MaxAuto
----LedAlertNotification
--------State
--------Intensity
--------Period
--------DutyCycle
--------Cyclecount
```
The following list shows the characteristics and parameters.
<a href="" id="--vendor-msft-enterpriseext"></a>**./Vendor/MSFT/EnterpriseExt**

18
windows/client-management/mdm/enterpriseextfilessystem-csp.md
View File

@ -23,10 +23,20 @@ The EnterpriseExtFileSystem configuration service provider (CSP) allows IT admin
File contents are embedded directly into the syncML message, so there is a limit to the size of the file that can be retrieved from the device. The default limit is 0x100000 (1 MB). You can configure this limit by using the following registry key: **Software\\Microsoft\\Provisioning\\CSPs\\.\\Vendor\\MSFT\\EnterpriseExtFileSystem\\MaxFileReadSize**.
The following diagram shows the EnterpriseExtFileSystem configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM).
![enterpriseextfilesystem csp](images/provisioning-csp-enterpriseextfilesystem.png)
The following shows the EnterpriseExtFileSystem configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM).
```
./Vendor/MSFT
EnterpriseExtFileSystem
----Persistent
--------Files_abc1
--------Directory_abc2
----NonPersistent
--------Files_abc3
--------Directory_abc4
----OemProfile
--------Directory_abc5
--------Files_abc6
```
The following list describes the characteristics and parameters.
<a href="" id="--vendor-msft-enterpriseextfilesystem"></a>**./Vendor/MSFT/EnterpriseExtFileSystem**

49
windows/client-management/mdm/enterprisemodernappmanagement-csp.md
View File

@ -19,10 +19,51 @@ The EnterpriseModernAppManagement configuration service provider (CSP) is used f
> [!Note]
> Windows Holographic only supports per-user configuration of the EnterpriseModernAppManagement CSP.
The following image shows the EnterpriseModernAppManagement configuration service provider in tree format.
![enterprisemodernappmanagement csp diagram](images/provisioning-csp-enterprisemodernappmanagement.png)
The following shows the EnterpriseModernAppManagement configuration service provider in tree format.
```
./Vendor/MSFT
EnterpriseModernAppManagement
----AppManagement
--------EnterpriseID
------------PackageFamilyName
----------------PackageFullName
--------------------Name
--------------------Version
--------------------Publisher
--------------------Architecture
--------------------InstallLocation
--------------------IsFramework
--------------------IsBundle
--------------------InstallDate
--------------------ResourceID
--------------------PackageStatus
--------------------RequiresReinstall
--------------------Users
--------------------IsProvisioned
----------------DoNotUpdate
----------------AppSettingPolicy
--------------------SettingValue
--------UpdateScan
--------LastScanError
--------AppInventoryResults
--------AppInventoryQuery
----AppInstallation
--------PackageFamilyName
------------StoreInstall
------------HostedInstall
------------LastError
------------LastErrorDesc
------------Status
------------ProgressStatus
----AppLicenses
--------StoreLicenses
------------LicenseID
----------------LicenseCategory
----------------LicenseUsage
----------------RequesterID
----------------AddLicense
----------------GetLicenseFromStore
```
<a href="" id="device-or-user-context"></a>**Device or User context**
For user context, use **./User/Vendor/MSFT** path and for device context, use **./Device/Vendor/MSFT** path.

32
windows/client-management/mdm/euiccs-csp.md
View File

@ -16,10 +16,34 @@ manager: dansimp
The eUICCs configuration service provider is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, re-assign, remove) subscriptions to employees. This CSP was added in windows 10, version 1709.
The following diagram shows the eUICCs configuration service provider in tree format.
![euiccs csp](images/provisioning-csp-euiccs.png)
The following shows the eUICCs configuration service provider in tree format.
```
./Device/Vendor/MSFT
eUICCs
----eUICC
--------Identifier
--------IsActive
--------PPR1Allowed
--------PPR1AlreadySet
--------DownloadServers
------------ServerName
----------------DiscoveryState
----------------AutoEnable
--------Profiles
------------ICCID
----------------ServerName
----------------MatchingID
----------------State
----------------IsEnabled
----------------PPR1Set
----------------PPR2Set
----------------ErrorDetail
--------Policies
------------LocalUIEnabled
--------Actions
------------ResetToFactoryState
------------Status
```
<a href="" id="--vendor-msft-euiccs"></a>**./Vendor/MSFT/eUICCs**
Root node.

86
windows/client-management/mdm/firewall-csp.md
View File

@ -20,10 +20,88 @@ Firewall rules in the FirewallRules section must be wrapped in an Atomic block i
For detailed information on some of the fields below see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](https://msdn.microsoft.com/library/mt620101.aspx).
The following diagram shows the Firewall configuration service provider in tree format.
![firewall csp](images/provisioning-csp-firewall.png)
The following shows the Firewall configuration service provider in tree format.
```
./Vendor/MSFT
Firewall
----
--------Global
------------PolicyVersionSupported
------------CurrentProfiles
------------DisableStatefulFtp
------------SaIdleTime
------------PresharedKeyEncoding
------------IPsecExempt
------------CRLcheck
------------PolicyVersion
------------BinaryVersionSupported
------------OpportunisticallyMatchAuthSetPerKM
------------EnablePacketQueue
--------DomainProfile
------------EnableFirewall
------------DisableStealthMode
------------Shielded
------------DisableUnicastResponsesToMulticastBroadcast
------------DisableInboundNotifications
------------AuthAppsAllowUserPrefMerge
------------GlobalPortsAllowUserPrefMerge
------------AllowLocalPolicyMerge
------------AllowLocalIpsecPolicyMerge
------------DefaultOutboundAction
------------DefaultInboundAction
------------DisableStealthModeIpsecSecuredPacketExemption
--------PrivateProfile
------------EnableFirewall
------------DisableStealthMode
------------Shielded
------------DisableUnicastResponsesToMulticastBroadcast
------------DisableInboundNotifications
------------AuthAppsAllowUserPrefMerge
------------GlobalPortsAllowUserPrefMerge
------------AllowLocalPolicyMerge
------------AllowLocalIpsecPolicyMerge
------------DefaultOutboundAction
------------DefaultInboundAction
------------DisableStealthModeIpsecSecuredPacketExemption
--------PublicProfile
------------EnableFirewall
------------DisableStealthMode
------------Shielded
------------DisableUnicastResponsesToMulticastBroadcast
------------DisableInboundNotifications
------------AuthAppsAllowUserPrefMerge
------------GlobalPortsAllowUserPrefMerge
------------AllowLocalPolicyMerge
------------AllowLocalIpsecPolicyMerge
------------DefaultOutboundAction
------------DefaultInboundAction
------------DisableStealthModeIpsecSecuredPacketExemption
--------FirewallRules
------------FirewallRuleName
----------------App
--------------------PackageFamilyName
--------------------FilePath
--------------------Fqbn
--------------------ServiceName
----------------Protocol
----------------LocalPortRanges
----------------RemotePortRanges
----------------LocalAddressRanges
----------------RemoteAddressRanges
----------------Description
----------------Enabled
----------------Profiles
----------------Action
--------------------Type
----------------Direction
----------------InterfaceTypes
----------------EdgeTraversal
----------------LocalUserAuthorizationList
----------------FriendlyName
----------------IcmpTypesAndCodes
----------------Status
----------------Name
```
<a href="" id="--vendor-msft-applocker"></a>**./Vendor/MSFT/Firewall**
<p style="margin-left: 20px">Root node for the Firewall configuration service provider.</p>

42
windows/client-management/mdm/healthattestation-csp.md
View File

@ -37,7 +37,7 @@ The following is a list of functions performed by the Device HealthAttestation C
**DHA-Session (Device HealthAttestation session)**
<p style="margin-left: 20px">The Device HealthAttestation session (DHA-Session) describes the end-to-end communication flow that is performed in one device health attestation session.</p>
<p style="margin-left: 20px">The following list of transactions are performed in one DHA-Session:</p>
<p style="margin-left: 20px">The following list of transactions is performed in one DHA-Session:</p>
<ul>
<li>DHA-CSP and DHA-Service communication:
<ul><li>DHA-CSP forwards device boot data (DHA-BootData) to DHA-Service</li>
@ -75,7 +75,7 @@ The following is a list of functions performed by the Device HealthAttestation C
<strong>DHA-Enabled MDM (Device HealthAttestation enabled device management solution)</strong>
<p style="margin-left: 20px">Device HealthAttestation enabled (DHA-Enabled) device management solution is a device management tool that is integrated with the DHA feature.</p>
<p style="margin-left: 20px">DHA-Enabled device management solutions enable enterprise IT managers to raise the security protection bar for their managed devices based on hardware (TPM) protected data that can be trusted even if a device is compromised by advanced security threats or running a malicious (jailbroken) operating system.</p>
<p style="margin-left: 20px">The following list of operations are performed by DHA-Enabled-MDM:</p>
<p style="margin-left: 20px">The following list of operations is performed by DHA-Enabled-MDM</p>
<ul>
<li>Enables the DHA feature on a DHA-Enabled device</li>
<li>Issues device health attestation requests to enrolled/managed devices</li>
@ -85,7 +85,7 @@ The following is a list of functions performed by the Device HealthAttestation C
<strong>DHA-CSP (Device HealthAttestation Configuration Service Provider)</strong>
<p style="margin-left: 20px">The Device HealthAttestation Configuration Service Provider (DHA-CSP) uses a devices TPM and firmware to measure critical security properties of the devices BIOS and Windows boot, such that even on a system infected with kernel level malware or a rootkit, these properties cannot be spoofed.</p>
<p style="margin-left: 20px">The following list of operations are performed by DHA-CSP:</p>
<p style="margin-left: 20px">The following list of operations is performed by DHA-CSP:</p>
<ul>
<li>Collects device boot data (DHA-BootData) from a managed device</li>
<li>Forwards DHA-BootData to Device Health Attestation Service (DHA-Service)</li>
@ -97,7 +97,7 @@ The following is a list of functions performed by the Device HealthAttestation C
<p style="margin-left: 20px">Device HealthAttestation Service (DHA-Service) validates the data it receives from DHA-CSP and issues a highly trusted hardware (TPM) protected report (DHA-Report) to DHA-Enabled device management solutions through a tamper resistant and tamper evident communication channel.</p>
<p style="margin-left: 20px">DHA-Service is available in 2 flavors: “DHA-Cloud” and “DHA-Server2016”. DHA-Service supports a variety of implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.</p>
<p style="margin-left: 20px">The following list of operations are performed by DHA-Service:</p>
<p style="margin-left: 20px">The following list of operations is performed by DHA-Service:</p>
- Receives device boot data (DHA-BootData) from a DHA-Enabled device</li>
- Forwards DHA-BootData to Device Health Attestation Service (DHA-Service) </li>
@ -126,7 +126,7 @@ The following is a list of functions performed by the Device HealthAttestation C
<li>Available in Windows for free</li>
<li>Running on a high-availability and geo-balanced cloud infrastructure </li>
<li>Supported by most DHA-Enabled device management solutions as the default device attestation service provider</li>
<li>Accessible to all enterprise managed devices via following:
<li>Accessible to all enterprise-managed devices via following:
<ul>
<li>FQDN = has.spserv.microsoft.com) port</li>
<li>Port = 443</li>
@ -144,7 +144,7 @@ The following is a list of functions performed by the Device HealthAttestation C
<li>Offered to Windows Server 2016 customer (no added licensing cost for enabling/running DHA-Service) </li>
<li>Hosted on an enterprise owned and managed server device/hardware</li>
<li>Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios</li>
<li><p>Accessible to all enterprise managed devices via following:</p>
<li><p>Accessible to all enterprise-managed devices via following:</p>
<ul>
<li>FQDN = (enterprise assigned)</li>
<li>Port = (enterprise assigned)</li>
@ -155,12 +155,12 @@ The following is a list of functions performed by the Device HealthAttestation C
<td style="vertical-align:top">The operation cost of running one or more instances of Server 2016 on-premises.</td>
</tr>
<tr class="even">
<td style="vertical-align:top">Device Health Attestation - Enterprise Managed Cloud<p>(DHA-EMC)</p></td>
<td style="vertical-align:top"><p>DHA-EMC refers to an enterprise managed DHA-Service that is running as a virtual host/service on a Windows Server 2016 compatible - enterprise managed cloud service, such as Microsoft Azure.</p>
<td style="vertical-align:top">Device Health Attestation - Enterprise-Managed Cloud<p>(DHA-EMC)</p></td>
<td style="vertical-align:top"><p>DHA-EMC refers to an enterprise-managed DHA-Service that is running as a virtual host/service on a Windows Server 2016 compatible - enterprise-managed cloud service, such as Microsoft Azure.</p>
<ul>
<li>Offered to Windows Server 2016 customers with no additional licensing cost (no added licensing cost for enabling/running DHA-Service)</li>
<li>Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios </li>
<li><p>Accessible to all enterprise managed devices via following:</p>
<li><p>Accessible to all enterprise-managed devices via following:</p>
<ul>
<li>FQDN = (enterprise assigned)</li>
<li>Port = (enterprise assigned)</li>
@ -176,10 +176,22 @@ The following is a list of functions performed by the Device HealthAttestation C
## CSP diagram and node descriptions
The following diagram shows the Device HealthAttestation configuration service provider in tree format.
![healthattestation csp](images/provisioning-csp-healthattestation.png)
The following shows the Device HealthAttestation configuration service provider in tree format.
```
./Vendor/MSFT
HealthAttestation
----VerifyHealth
----Status
----ForceRetrieve
----Certificate
----Nonce
----CorrelationID
----HASEndpoint
----TpmReadyStatus
----CurrentProtocolVersion
----PreferredMaxProtocolVersion
----MaxSupportedProtocolVersion
```
<a href="" id="healthattestation"></a>**./Vendor/MSFT/HealthAttestation**
<p style="margin-left: 20px">The root node for the device HealthAttestation configuration service provider.</p>
@ -306,13 +318,13 @@ SSL-Session:
There are three types of DHA-Service:
- Device Health Attestation Cloud (owned and operated by Microsoft)
- Device Health Attestation On Premise (owned and operated by an enterprise, runs on Windows Server 2016 on premises)
- Device Health Attestation - Enterprise Managed Cloud (owned and operated by an enterprise, runs on Windows Server 2016 compatible enterprise managed cloud)
- Device Health Attestation - Enterprise-Managed Cloud (owned and operated by an enterprise, runs on Windows Server 2016 compatible enterprise-managed cloud)
DHA-Cloud is the default setting. No further action is required if an enterprise is planning to use Microsoft DHA-Cloud as the trusted DHA-Service provider.
For DHA-OnPrem & DHA-EMC scenarios, send a SyncML command to the HASEndpoint node to instruct a managed device to communicate with the enterprise trusted DHA-Service.
The following example shows a sample call that instructs a managed device to communicate with an enterprise managed DHA-Service.
The following example shows a sample call that instructs a managed device to communicate with an enterprise-managed DHA-Service.
```xml
<Replace>

12
windows/client-management/mdm/maps-csp.md
View File

@ -21,10 +21,14 @@ The Maps configuration service provider (CSP) is used to configure the maps to d
The following diagram shows the Maps configuration service provider in tree format.
![maps csp diagram](images/provisioning-csp-maps.png)
The following shows the Maps configuration service provider in tree format.
```
./Vendor/MSFT
Maps
----Packages
--------Package
------------Status
```
<a href="" id="maps"></a>**Maps**
Root node.

20
windows/client-management/mdm/multisim-csp.md
View File

@ -17,10 +17,22 @@ manager: dansimp
The MultiSIM configuration service provider (CSP) is used by the enterprise to manage devices with dual SIM single active configuration. An enterprise can set policies on whether that user can switch between SIM slots, specify which slot is the default, and whether the slot is embedded. This CSP was added in Windows 10, version 1803.
The following diagram shows the MultiSIM configuration service provider in tree format.
![MultiSIM CSP diagram](images/provisioning-csp-multisim.png)
The following shows the MultiSIM configuration service provider in tree format.
```
./Device/Vendor/MSFT
MultiSIM
----ModemID
--------Identifier
--------IsEmbedded
--------Slots
------------SlotID
----------------Identifier
----------------IsEmbedded
----------------IsSelected
----------------State
--------Policies
------------SlotSelectionEnabled
```
<a href="" id="multisim"></a>**./Device/Vendor/MSFT/MultiSIM**
Root node.

2
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

File diff suppressed because one or more lines are too long

19
windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
View File

@ -266,6 +266,7 @@ ms.date: 10/08/2020
- [ADMX_Explorer/DisableRoamedProfileInit](./policy-csp-admx-explorer.md#admx-explorer-disableroamedprofileinit)
- [ADMX_Explorer/PreventItemCreationInUsersFilesFolder](./policy-csp-admx-explorer.md#admx-explorer-preventitemcreationinusersfilesfolder)
- [ADMX_Explorer/TurnOffSPIAnimations](./policy-csp-admx-explorer.md#admx-explorer-turnoffspianimations)
- [ADMX_FileRecovery/WdiScenarioExecutionPolicy](./policy-csp-admx-filerecovery.md#admx-filerecovery-wdiscenarioexecutionpolicy)
- [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol)
- [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression)
- [ADMX_FileSys/DisableDeleteNotification](./policy-csp-admx-filesys.md#admx-filesys-disabledeletenotification)
@ -1296,6 +1297,10 @@ ms.date: 10/08/2020
- [ADMX_WindowsExplorer/ShowSleepOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showsleepoption)
- [ADMX_WindowsExplorer/TryHarderPinnedLibrary](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedlibrary)
- [ADMX_WindowsExplorer/TryHarderPinnedOpenSearch](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedopensearch)
- [ADMX_WindowsFileProtection/WFPShowProgress](./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpshowprogress)
- [ADMX_WindowsFileProtection/WFPQuota](./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpquota)
- [ADMX_WindowsFileProtection/WFPScan](./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpscan)
- [ADMX_WindowsFileProtection/WFPDllCacheDir](./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpdllcachedir)
- [ADMX_WindowsMediaDRM/DisableOnline](./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline)
- [ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings)
- [ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings)
@ -1379,7 +1384,7 @@ ms.date: 10/08/2020
- [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
- [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-disableprintingoverhttp)
- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
- [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths)
@ -1393,12 +1398,12 @@ ms.date: 10/08/2020
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceids)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallationpreventdevicemetadatafromnetwork)
- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofdevicesnotdescribedbyotherpolicysettings)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdevicesetupclasses)
- [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
- [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
- [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)

15
windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
View File

@ -137,7 +137,7 @@ ms.date: 07/18/2019
- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui)
- [Connectivity/AllowCellularDataRoaming](./policy-csp-connectivity.md#connectivity-allowcellulardataroaming)
- [Connectivity/AllowPhonePCLinking](./policy-csp-connectivity.md#connectivity-allowphonepclinking)
- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp)
- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-disableprintingoverhttp)
- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp)
- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards)
- [Connectivity/DisallowNetworkConnectivityActiveTests](./policy-csp-connectivity.md#connectivity-disallownetworkconnectivityactivetests)
@ -220,12 +220,12 @@ ms.date: 07/18/2019
- [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity)
- [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags)
- [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceids)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdevicesetupclasses)
- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallationpreventdevicemetadatafromnetwork)
- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofdevicesnotdescribedbyotherpolicysettings)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdevicesetupclasses)
- [DeviceLock/MinimumPasswordAge](./policy-csp-devicelock.md#devicelock-minimumpasswordage)
- [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
- [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
@ -731,7 +731,6 @@ ms.date: 07/18/2019
- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells)
- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
- [Search/AllowCloudSearch](./policy-csp-search.md#search-allowcloudsearch)
- [Search/AllowCortanaInAAD](./policy-csp-search.md#search-allowcortanainaad)
- [Search/AllowFindMyFiles](./policy-csp-search.md#search-allowfindmyfiles)
- [Search/AllowIndexingEncryptedStoresOrItems](./policy-csp-search.md#search-allowindexingencryptedstoresoritems)
- [Search/AllowSearchToUseLocation](./policy-csp-search.md#search-allowsearchtouselocation)

1
windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
View File

@ -16,7 +16,6 @@ ms.date: 09/16/2019
> [!div class="op_single_selector"]
>
> - [IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
> - [IoT Core](policy-csps-supported-by-iot-core.md)
>

73
windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
View File

@ -1,73 +0,0 @@
---
title: Policies in Policy CSP supported by Windows 10 IoT Enterprise
description: Policies in Policy CSP supported by Windows 10 IoT Enterprise
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policies in Policy CSP supported by Windows 10 IoT Enterprise
> [!div class="op_single_selector"]
>
> - [IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
> - [IoT Core](policy-csps-supported-by-iot-core.md)
>
- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
- [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
- [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
- [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
- [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
- [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
- [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
- [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize)
- [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching)
- [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
- [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehostsource)
- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaybackgrounddownloadfromhttp)
- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelayforegrounddownloadfromhttp)
- [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
- [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
- [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode)
- [DeliveryOptimization/DOGroupId](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid)
- [DeliveryOptimization/DOGroupIdSource](policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupidsource)
- [DeliveryOptimization/DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOMaxCacheAge](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage)
- [DeliveryOptimization/DOMaxCacheSize](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize)
- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth) (deprecated)
- [DeliveryOptimization/DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxforegrounddownloadbandwidth)
- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth) (deprecated)
- [DeliveryOptimization/DOMinBackgroundQos](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos)
- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload)
- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer)
- [DeliveryOptimization/DOMinFileSizeToCache](policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache)
- [DeliveryOptimization/DOMinRAMAllowedToPeer](policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer)
- [DeliveryOptimization/DOModifyCacheDrive](policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive)
- [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxbackgroundbandwidth)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth) (deprecated)
- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxforegroundbandwidth)
- [DeliveryOptimization/DORestrictPeerSelectionBy](policy-csp-deliveryoptimization.md#deliveryoptimization-dorestrictpeerselectionby)
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
- [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
- [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot)
- [Update/SetProxyBehaviorForUpdateDetection](policy-csp-update.md#update-setproxybehaviorforupdatedetection)
## Related topics
[Policy CSP](policy-configuration-service-provider.md)

46
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -1053,6 +1053,13 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### ADMX_FileRecovery policies
<dl>
<dd>
<a href="./policy-csp-admx-filerecovery.md#admx-filerecovery-wdiscenarioexecutionpolicy" id="admx-filerecovery-wdiscenarioexecutionpolicy">ADMX_FileRecovery/WdiScenarioExecutionPolicy</a>
</dd>
</dl>
### ADMX_FileServerVSSProvider policies
<dl>
<dd>
@ -5296,7 +5303,7 @@ The following diagram shows the Policy configuration service provider in tree fo
<a href="./policy-csp-connectivity.md#connectivity-allowvpnroamingovercellular" id="connectivity-allowvpnroamingovercellular">Connectivity/AllowVPNRoamingOverCellular</a>
</dd>
<dd>
<a href="./policy-csp-connectivity.md#connectivity-diableprintingoverhttp" id="connectivity-diableprintingoverhttp">Connectivity/DiablePrintingOverHTTP</a>
<a href="./policy-csp-connectivity.md#connectivity-disableprintingoverhttp" id="connectivity-disableprintingoverhttp">Connectivity/DiablePrintingOverHTTP</a>
</dd>
<dd>
<a href="./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp" id="connectivity-disabledownloadingofprintdriversoverhttp">Connectivity/DisableDownloadingOfPrintDriversOverHTTP</a>
@ -5655,28 +5662,28 @@ The following diagram shows the Policy configuration service provider in tree fo
<dl>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids" id="deviceinstallation-allowinstallationofmatchingdeviceids">DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</a>
<a href="./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceids" id="deviceinstallation-allowinstallationofmatchingdeviceids">DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</a>
</dd>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses" id="deviceinstallation-allowinstallationofmatchingdevicesetupclasses">DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</a>
<a href="./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdevicesetupclasses" id="deviceinstallation-allowinstallationofmatchingdevicesetupclasses">DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</a>
</dd>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceinstanceids"id="deviceinstallation-allowinstallationofmatchingdeviceinstanceids">DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs</a>
<a href="./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceinstanceids"id="deviceinstallation-allowinstallationofmatchingdeviceinstanceids">DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs</a>
</dd>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork" id="deviceinstallation-preventdevicemetadatafromnetwork">DeviceInstallation/PreventDeviceMetadataFromNetwork</a>
<a href="./policy-csp-deviceinstallation.md#deviceinstallationpreventdevicemetadatafromnetwork" id="deviceinstallation-preventdevicemetadatafromnetwork">DeviceInstallation/PreventDeviceMetadataFromNetwork</a>
</dd>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings" id="deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings">DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</a>
<a href="./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofdevicesnotdescribedbyotherpolicysettings" id="deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings">DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</a>
</dd>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids" id="deviceinstallation-preventinstallationofmatchingdeviceids">DeviceInstallation/PreventInstallationOfMatchingDeviceIDs</a>
<a href="./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceids" id="deviceinstallation-preventinstallationofmatchingdeviceids">DeviceInstallation/PreventInstallationOfMatchingDeviceIDs</a>
</dd>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceinstanceids"id="deviceinstallation-preventinstallationofmatchingdeviceinstanceids">DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs</a>
<a href="./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceinstanceids"id="deviceinstallation-preventinstallationofmatchingdeviceinstanceids">DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs</a>
</dd>
<dd>
<a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses" id="deviceinstallation-preventinstallationofmatchingdevicesetupclasses">DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses</a>
<a href="./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdevicesetupclasses" id="deviceinstallation-preventinstallationofmatchingdevicesetupclasses">DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses</a>
</dd>
</dl>
@ -7571,9 +7578,6 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-search.md#search-allowcloudsearch" id="search-allowcloudsearch">Search/AllowCloudSearch</a>
</dd>
<dd>
<a href="./policy-csp-search.md#search-allowcortanainaad" id="search-allowcortanainaad">Search/AllowCortanaInAAD</a>
</dd>
<dd>
<a href="./policy-csp-search.md#search-allowfindmyfiles" id="search-allowfindmyfiles">Search/AllowFindMyFiles</a>
</dd>
@ -8453,6 +8457,23 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### ADMX_WindowsFileProtection policies
<dl>
<dd>
<a href="./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpshowprogress" id="admx-windowsfileprotection-wfpshowprogress">ADMX_WindowsFileProtection/WFPShowProgress</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpquota" id="admx-windowsfileprotection-wfpquota">ADMX_WindowsFileProtection/WFPQuota</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpscan" id="admx-windowsfileprotection-wfpscan">ADMX_WindowsFileProtection/WFPScan</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsfileprotection.md#admx-windowsfileprotection-wfpdllcachedir" id="admx-windowsfileprotection-wfpdllcachedir">ADMX_WindowsFileProtection/WFPDllCacheDir</a>
</dd>
</dl>
### WindowsInkWorkspace policies
<dl>
@ -8563,7 +8584,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
## Policies in Policy CSP supported by Windows 10 IoT
- [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
- [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
## Policies in Policy CSP supported by Microsoft Surface Hub

17
windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
View File

@ -106,14 +106,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
View File

@ -941,14 +941,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-appcompat.md
View File

@ -731,14 +731,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
View File

@ -108,13 +108,14 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-appxruntime.md
View File

@ -325,14 +325,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
View File

@ -409,14 +409,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-auditsettings.md
View File

@ -106,14 +106,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-bits.md
View File

@ -1088,14 +1088,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
View File

@ -190,14 +190,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-com.md
View File

@ -184,14 +184,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-controlpanel.md
View File

@ -350,13 +350,14 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
View File

@ -1813,13 +1813,14 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-cpls.md
View File

@ -104,14 +104,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-credentialproviders.md
View File

@ -256,14 +256,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-credssp.md
View File

@ -956,14 +956,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-credui.md
View File

@ -172,14 +172,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
View File

@ -326,14 +326,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-datacollection.md
View File

@ -101,14 +101,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-admx-desktop.md
View File

@ -2170,14 +2170,14 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
View File

@ -607,13 +607,13 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-admx-devicesetup.md
View File

@ -175,14 +175,14 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-digitallocker.md
View File

@ -177,14 +177,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-admx-dnsclient.md
View File

@ -1712,14 +1712,14 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-admx-dwm.md
View File

@ -478,14 +478,14 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-eaime.md
View File

@ -958,14 +958,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
View File

@ -103,14 +103,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

17
windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
View File

@ -463,14 +463,15 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

18
windows/client-management/mdm/policy-csp-admx-errorreporting.md
View File

@ -2189,14 +2189,14 @@ ADMX Info:
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 1 - Available in Windows 10, version 1607
- 2 - Available in Windows 10, version 1703
- 3 - Available in Windows 10, version 1709
- 4 - Available in Windows 10, version 1803
- 5 - Available in Windows 10, version 1809
- 6 - Available in Windows 10, version 1903
- 7 - Available in Windows 10, version 1909
- 8 - Available in Windows 10, version 2004
- 9 - Available in Windows 10, version 20H2
<!--/Policies-->

Some files were not shown because too many files have changed in this diff Show More