From c79c669ad5534f0ad0f8d1f28251f46b6bb6fdcb Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 27 Feb 2024 16:38:23 -0500 Subject: [PATCH] Add explanations for different group types and access restrictions --- .../assigned-access-configuration-file.md | 41 +++++------------ .../assigned-access-examples.md | 45 +++++++++++++++++++ windows/configuration/assigned-access/toc.yml | 2 + 3 files changed, 57 insertions(+), 31 deletions(-) create mode 100644 windows/configuration/assigned-access/assigned-access-examples.md diff --git a/windows/configuration/assigned-access/assigned-access-configuration-file.md b/windows/configuration/assigned-access/assigned-access-configuration-file.md index 8a11be1ee4..1ca7abdf84 100644 --- a/windows/configuration/assigned-access/assigned-access-configuration-file.md +++ b/windows/configuration/assigned-access/assigned-access-configuration-file.md @@ -410,6 +410,7 @@ Group accounts are specified using ``. Nested groups aren't supported :::row::: :::column span="2"::: **Local group** + Specify the group type as **LocalGroup** and put the group name in Name attribute. Any Microsoft Entra accounts that are added to the local group won't have the kiosk settings applied. :::column-end::: :::column span="2"::: @@ -424,6 +425,7 @@ Specify the group type as **LocalGroup** and put the group name in Name attribut :::row::: :::column span="2"::: **Active Directory group** + Both security and distribution groups are supported. Specify the group type as ActiveDirectoryGroup. Use the domain name as the prefix in the name attribute. :::column-end::: :::column span="2"::: @@ -438,6 +440,7 @@ Both security and distribution groups are supported. Specify the group type as < :::row::: :::column span="2"::: **Microsoft Entra group** + Use the object ID of the Microsoft Entra group. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as `AzureActiveDirectoryGroup`. The kiosk device must have internet connectivity when users that belong to the group sign-in. :::column-end::: :::column span="2"::: @@ -538,6 +541,7 @@ You can specify user access to Downloads folder, Removable drives, or no restric :::row::: :::column span="2"::: **Block everything** + Either don't use the node or leave it empty :::column-end::: :::column span="2"::: @@ -589,7 +593,7 @@ Either don't use the node or leave it empty :::column span="2"::: **No restrictions, all locations are allowed** :::column-end::: -:::column span="3"::: +:::column span="2"::: ```xml @@ -603,34 +607,9 @@ Either don't use the node or leave it empty ::: zone-end ---- +## Next steps -## Practical examples - -### Kiosk experience with Microsoft Edge example - -[!INCLUDE [assigned-access-example-kiosk-edge](includes/assigned-access-example-kiosk-edge.md)] - -### Kiosk experience with UWP app example - -[!INCLUDE [assigned-access-example-kiosk-uwp](includes/assigned-access-example-kiosk-uwp.md)] - -::: zone pivot="windows-10" - -### File Explorer restrictions example - -[!INCLUDE [assigned-access-example-file-explorer-restrictions](includes/assigned-access-example-file-explorer-restrictions.md)] - -::: zone-end - -### Global Profile example - -The following configuration demonstrates that only a global profile is used, with no user configured. - -[!INCLUDE [assigned-access-example-global-profile](includes/assigned-access-example-global-profile.md)] - -### User Group example - -The following configuration demonstrates how to assign profiles to different users and groups, including a user configured to automatically sign in. - -[!INCLUDE [assigned-access-example-usergroup](includes/assigned-access-example-usergroup.md)] +> [!div class="nextstepaction"] +> Review some practical examples of Assigned Access XML configurations: +> +> [Assigned Access examples](assigned-access-examples.md) \ No newline at end of file diff --git a/windows/configuration/assigned-access/assigned-access-examples.md b/windows/configuration/assigned-access/assigned-access-examples.md new file mode 100644 index 0000000000..6e5147b99b --- /dev/null +++ b/windows/configuration/assigned-access/assigned-access-examples.md @@ -0,0 +1,45 @@ +--- +title: Assigned Access examples +description: Practical examples of XML files to configure Assigned Access. +ms.date: 02/26/2024 +ms.topic: reference +zone_pivot_groups: windows-versions-11-10 +appliesto: +--- + +# Assigned Access examples + +This artcile contains examples of XML files to configure a device with Assigned Access. The files can be easily modified to fit your specific needs. + +To learn more: + +- [Create an Assigned Access configuration XML file](assigned-access-configuration-file.md). +- [Assigned Access XML Schema Definition (XSD)](assigned-access-xsd.md). + +## Kiosk experience with Microsoft Edge example + +[!INCLUDE [assigned-access-example-kiosk-edge](includes/assigned-access-example-kiosk-edge.md)] + +## Kiosk experience with UWP app example + +[!INCLUDE [assigned-access-example-kiosk-uwp](includes/assigned-access-example-kiosk-uwp.md)] + +::: zone pivot="windows-10" + +## File Explorer restrictions example + +[!INCLUDE [assigned-access-example-file-explorer-restrictions](includes/assigned-access-example-file-explorer-restrictions.md)] + +::: zone-end + +## Global Profile example + +The following configuration demonstrates that only a global profile is used, with no user configured. + +[!INCLUDE [assigned-access-example-global-profile](includes/assigned-access-example-global-profile.md)] + +## User Group example + +The following configuration demonstrates how to assign profiles to different users and groups, including a user configured to automatically sign in. + +[!INCLUDE [assigned-access-example-usergroup](includes/assigned-access-example-usergroup.md)] diff --git a/windows/configuration/assigned-access/toc.yml b/windows/configuration/assigned-access/toc.yml index 7e990bf368..18d14beb71 100644 --- a/windows/configuration/assigned-access/toc.yml +++ b/windows/configuration/assigned-access/toc.yml @@ -33,6 +33,8 @@ items: href: /windows/client-management/mdm/assignedaccess-csp - name: Assigned Access XSD href: assigned-access-xsd.md + - name: Assigned Access XML examples + href: assigned-access-examples.md - name: Shell Launcher XSD href: shell-launcher-xsd.md - name: Assigned Access policy settings