mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-15 06:47:21 +00:00
Merge remote-tracking branch 'refs/remotes/origin/master' into vs-emie-portal
This commit is contained in:
LizRoss
commit
c99a06d824
@ -23,8 +23,6 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d
|
|||||||
|
|
||||||
Compatible Surface devices include:
|
Compatible Surface devices include:
|
||||||
|
|
||||||
- Surface Studio
|
|
||||||
|
|
||||||
- Surface Book
|
- Surface Book
|
||||||
|
|
||||||
- Surface Pro 4
|
- Surface Pro 4
|
||||||
|
|||||||
@ -14,6 +14,12 @@ author: jdeckerMS
|
|||||||
|
|
||||||
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
|
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
|
||||||
|
|
||||||
|
## May 2017
|
||||||
|
|
||||||
|
| New or changed topic | Description |
|
||||||
|
| --- | --- |
|
||||||
|
| [ Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added MDM policies for privacy settings. |
|
||||||
|
|
||||||
## April 2017
|
## April 2017
|
||||||
|
|
||||||
| New or changed topic | Description |
|
| New or changed topic | Description |
|
||||||
|
|||||||
@ -89,22 +89,22 @@ See the following table for a summary of the management settings for Windows 10
|
|||||||
| [17.1 General](#bkmk-general) |  |  |  |  | |
|
| [17.1 General](#bkmk-general) |  |  |  |  | |
|
||||||
| [17.2 Location](#bkmk-priv-location) |  |  |  |  | |
|
| [17.2 Location](#bkmk-priv-location) |  |  |  |  | |
|
||||||
| [17.3 Camera](#bkmk-priv-camera) |  |  |  |  | |
|
| [17.3 Camera](#bkmk-priv-camera) |  |  |  |  | |
|
||||||
| [17.4 Microphone](#bkmk-priv-microphone) |  |  | |  | |
|
| [17.4 Microphone](#bkmk-priv-microphone) |  |  |  |  | |
|
||||||
| [17.5 Notifications](#bkmk-priv-notifications) |  |  | |  | |
|
| [17.5 Notifications](#bkmk-priv-notifications) |  |  | |  | |
|
||||||
| [17.6 Speech, inking, & typing](#bkmk-priv-speech) |  |  |  |  | |
|
| [17.6 Speech, inking, & typing](#bkmk-priv-speech) |  |  |  |  | |
|
||||||
| [17.7 Account info](#bkmk-priv-accounts) |  |  | |  | |
|
| [17.7 Account info](#bkmk-priv-accounts) |  |  |  |  | |
|
||||||
| [17.8 Contacts](#bkmk-priv-contacts) |  |  | |  | |
|
| [17.8 Contacts](#bkmk-priv-contacts) |  |  |  |  | |
|
||||||
| [17.9 Calendar](#bkmk-priv-calendar) |  |  | |  | |
|
| [17.9 Calendar](#bkmk-priv-calendar) |  |  |  |  | |
|
||||||
| [17.10 Call history](#bkmk-priv-callhistory) |  |  | |  | |
|
| [17.10 Call history](#bkmk-priv-callhistory) |  |  |  |  | |
|
||||||
| [17.11 Email](#bkmk-priv-email) |  |  | |  | |
|
| [17.11 Email](#bkmk-priv-email) |  |  |  |  | |
|
||||||
| [17.12 Messaging](#bkmk-priv-messaging) |  |  | |  | |
|
| [17.12 Messaging](#bkmk-priv-messaging) |  |  |  |  | |
|
||||||
| [17.13 Radios](#bkmk-priv-radios) |  |  | |  | |
|
| [17.13 Radios](#bkmk-priv-radios) |  |  |  |  | |
|
||||||
| [17.14 Other devices](#bkmk-priv-other-devices) |  |  | |  | |
|
| [17.14 Other devices](#bkmk-priv-other-devices) |  |  |  |  | |
|
||||||
| [17.15 Feedback & diagnostics](#bkmk-priv-feedback) |  |  |  |  | |
|
| [17.15 Feedback & diagnostics](#bkmk-priv-feedback) |  |  |  |  | |
|
||||||
| [17.16 Background apps](#bkmk-priv-background) |  | | | | |
|
| [17.16 Background apps](#bkmk-priv-background) |  |  |  | | |
|
||||||
| [17.17 Motion](#bkmk-priv-motion) |  |  | |  | |
|
| [17.17 Motion](#bkmk-priv-motion) |  |  |  |  | |
|
||||||
| [17.18 Tasks](#bkmk-priv-tasks) |  |  | |  | |
|
| [17.18 Tasks](#bkmk-priv-tasks) |  |  |  |  | |
|
||||||
| [17.19 App Diagnostics](#bkmk-priv-diag) |  |  | |  | |
|
| [17.19 App Diagnostics](#bkmk-priv-diag) |  |  |  |  | |
|
||||||
| [18. Software Protection Platform](#bkmk-spp) | |  |  |  | |
|
| [18. Software Protection Platform](#bkmk-spp) | |  |  |  | |
|
||||||
| [19. Sync your settings](#bkmk-syncsettings) |  |  |  |  | |
|
| [19. Sync your settings](#bkmk-syncsettings) |  |  |  |  | |
|
||||||
| [20. Teredo](#bkmk-teredo) | |  | |  |  |
|
| [20. Teredo](#bkmk-teredo) | |  | |  |  |
|
||||||
@ -204,6 +204,7 @@ For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server
|
|||||||
3. On the **Network Retrieval** tab, select the **Define these policy settings** check box.
|
3. On the **Network Retrieval** tab, select the **Define these policy settings** check box.
|
||||||
4. Clear the **Automatically update certificates in the Microsoft Root Certificate Program (recommended)** check box, and then click **OK**.
|
4. Clear the **Automatically update certificates in the Microsoft Root Certificate Program (recommended)** check box, and then click **OK**.
|
||||||
|
|
||||||
|
|
||||||
On Windows Server 2016 Nano Server:
|
On Windows Server 2016 Nano Server:
|
||||||
|
|
||||||
- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, called **DisableRootAutoUpdate**, with a value of 1.
|
- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, called **DisableRootAutoUpdate**, with a value of 1.
|
||||||
@ -308,7 +309,7 @@ To turn off Find My Device:
|
|||||||
|
|
||||||
- Turn off the feature in the UI
|
- Turn off the feature in the UI
|
||||||
|
|
||||||
-or
|
-or-
|
||||||
|
|
||||||
- Disable the Group Policy: **Computer Configuration** > **Administrative Template** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**
|
- Disable the Group Policy: **Computer Configuration** > **Administrative Template** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**
|
||||||
|
|
||||||
@ -422,7 +423,11 @@ You can also use registry entries to set these Group Policies.
|
|||||||
| Turn off the flip ahead with page prediction feature | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\FlipAhead!Enabled <br /> REG_DWORD: 0|
|
| Turn off the flip ahead with page prediction feature | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\FlipAhead!Enabled <br /> REG_DWORD: 0|
|
||||||
| Turn off background synchronization for feeds and Web Slices | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds!BackgroundSyncStatus <br/> REG_DWORD:0 |
|
| Turn off background synchronization for feeds and Web Slices | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds!BackgroundSyncStatus <br/> REG_DWORD:0 |
|
||||||
|
|
||||||
To turn off the home page, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**
|
To turn off the home page, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank**.
|
||||||
|
|
||||||
|
To configure the First Run Wizard, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Prevent running First Run wizard**, and set it to **Go directly to home page**.
|
||||||
|
|
||||||
|
To configure the behavior for a new tab, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Specify default behavior for a new tab**, and set it to **about:blank**.
|
||||||
|
|
||||||
### <a href="" id="bkmk-ie-activex"></a>8.1 ActiveX control blocking
|
### <a href="" id="bkmk-ie-activex"></a>8.1 ActiveX control blocking
|
||||||
|
|
||||||
@ -479,11 +484,14 @@ To prevent communication to the Microsoft Account cloud authentication service.
|
|||||||
- Apply the Group Policy: **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options** > **Accounts: Block Microsoft Accounts** and set it to **Users can't add Microsoft accounts**.
|
- Apply the Group Policy: **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options** > **Accounts: Block Microsoft Accounts** and set it to **Users can't add Microsoft accounts**.
|
||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
- Create a REG\_DWORD registry setting called **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System!NoConnectedUser**, with a value of 3.
|
- Create a REG\_DWORD registry setting called **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System!NoConnectedUser**, with a value of 3.
|
||||||
To disable the Microsoft Account Sign-In Assistant:
|
To disable the Microsoft Account Sign-In Assistant:
|
||||||
|
|
||||||
- Apply the Accounts/AllowMicrosoftAccountSignInAssistant MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on.
|
- Apply the Accounts/AllowMicrosoftAccountSignInAssistant MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on.
|
||||||
|
|
||||||
|
- Change the Start REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\wlidsvc** to a value of **4**.
|
||||||
|
|
||||||
|
|
||||||
### <a href="" id="bkmk-edge"></a>12. Microsoft Edge
|
### <a href="" id="bkmk-edge"></a>12. Microsoft Edge
|
||||||
|
|
||||||
@ -521,7 +529,7 @@ Alternatively, you can configure the Microsoft Group Policies using the followin
|
|||||||
|
|
||||||
| Policy | Registry path |
|
| Policy | Registry path |
|
||||||
| - | - |
|
| - | - |
|
||||||
| Configure Autofill | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!Use FormSuggest <br/ > REG_SZ: **about:blank** |
|
| Configure Autofill | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!Use FormSuggest <br/ > REG_SZ: **no** |
|
||||||
| Configure Do Not Track | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!DoNotTrack<br/> REG_DWORD: 1 |
|
| Configure Do Not Track | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!DoNotTrack<br/> REG_DWORD: 1 |
|
||||||
| Configure Password Manager | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!FormSuggest Passwords<br /> REG_SZ: **no** |
|
| Configure Password Manager | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main!FormSuggest Passwords<br /> REG_SZ: **no** |
|
||||||
| Configure search suggestions in Address bar | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes!ShowSearchSuggestionsGlobal <br /> REG_DWORD: 0|
|
| Configure search suggestions in Address bar | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes!ShowSearchSuggestionsGlobal <br /> REG_DWORD: 0|
|
||||||
@ -1006,6 +1014,14 @@ To turn off **Let apps use my microphone**:
|
|||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsAccessMicrophone MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmicrophone), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMicrophone**, with a value of 2 (two)
|
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMicrophone**, with a value of 2 (two)
|
||||||
|
|
||||||
To turn off **Choose apps that can use your microphone**:
|
To turn off **Choose apps that can use your microphone**:
|
||||||
@ -1028,6 +1044,14 @@ To turn off **Let apps access my notifications**:
|
|||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsAccessNotifications MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessnotifications), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessNotifications**, with a value of 2 (two)
|
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessNotifications**, with a value of 2 (two)
|
||||||
|
|
||||||
### <a href="" id="bkmk-priv-speech"></a>17.6 Speech, inking, & typing
|
### <a href="" id="bkmk-priv-speech"></a>17.6 Speech, inking, & typing
|
||||||
@ -1088,6 +1112,14 @@ To turn off **Let apps access my name, picture, and other account info**:
|
|||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsAccessAccountInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessaccountinfo), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessContacts**, with a value of 2 (two).
|
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessContacts**, with a value of 2 (two).
|
||||||
|
|
||||||
To turn off **Choose the apps that can access your account info**:
|
To turn off **Choose the apps that can access your account info**:
|
||||||
@ -1108,6 +1140,14 @@ To turn off **Choose apps that can access contacts**:
|
|||||||
|
|
||||||
- Set the **Select a setting** box to **Force Deny**.
|
- Set the **Select a setting** box to **Force Deny**.
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsAccessContacts MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscontacts), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
### <a href="" id="bkmk-priv-calendar"></a>17.9 Calendar
|
### <a href="" id="bkmk-priv-calendar"></a>17.9 Calendar
|
||||||
|
|
||||||
In the **Calendar** area, you can choose which apps have access to an employee's calendar.
|
In the **Calendar** area, you can choose which apps have access to an employee's calendar.
|
||||||
@ -1124,6 +1164,14 @@ To turn off **Let apps access my calendar**:
|
|||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsAccessCalendar MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscalendar), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessCalendar**, with a value of 2 (two).
|
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessCalendar**, with a value of 2 (two).
|
||||||
|
|
||||||
To turn off **Choose apps that can access calendar**:
|
To turn off **Choose apps that can access calendar**:
|
||||||
@ -1146,6 +1194,14 @@ To turn off **Let apps access my call history**:
|
|||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsAccessCallHistory MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscallhistory), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessCallHistory**, with a value of 2 (two).
|
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessCallHistory**, with a value of 2 (two).
|
||||||
|
|
||||||
### <a href="" id="bkmk-priv-email"></a>17.11 Email
|
### <a href="" id="bkmk-priv-email"></a>17.11 Email
|
||||||
@ -1164,6 +1220,14 @@ To turn off **Let apps access and send email**:
|
|||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsAccessEmail MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessemail), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessEmail**, with a value of 2 (two).
|
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessEmail**, with a value of 2 (two).
|
||||||
|
|
||||||
### <a href="" id="bkmk-priv-messaging"></a>17.12 Messaging
|
### <a href="" id="bkmk-priv-messaging"></a>17.12 Messaging
|
||||||
@ -1182,6 +1246,14 @@ To turn off **Let apps read or send messages (text or MMS)**:
|
|||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsAccess<Messaging MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmessaging), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMessaging**, with a value of 2 (two).
|
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMessaging**, with a value of 2 (two).
|
||||||
|
|
||||||
To turn off **Choose apps that can read or send messages**:
|
To turn off **Choose apps that can read or send messages**:
|
||||||
@ -1204,6 +1276,14 @@ To turn off **Let apps control radios**:
|
|||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsAccessRadios MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessradios), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessRadios**, with a value of 2 (two).
|
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessRadios**, with a value of 2 (two).
|
||||||
|
|
||||||
|
|
||||||
@ -1225,6 +1305,14 @@ To turn off **Let apps automatically share and sync info with wireless devices t
|
|||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsSyncWithDevices MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappssyncwithdevices), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsSyncWithDevices**, with a value of 2 (two).
|
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsSyncWithDevices**, with a value of 2 (two).
|
||||||
|
|
||||||
To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**:
|
To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**:
|
||||||
@ -1336,6 +1424,15 @@ To turn off **Let apps run in the background**:
|
|||||||
|
|
||||||
- Set the **Select a setting** box to **Force Deny**.
|
- Set the **Select a setting** box to **Force Deny**.
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsRunInBackground MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessruninbackground), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
|
|
||||||
### <a href="" id="bkmk-priv-motion"></a>17.17 Motion
|
### <a href="" id="bkmk-priv-motion"></a>17.17 Motion
|
||||||
|
|
||||||
In the **Motion** area, you can choose which apps have access to your motion data.
|
In the **Motion** area, you can choose which apps have access to your motion data.
|
||||||
@ -1350,6 +1447,14 @@ To turn off **Let Windows and your apps use your motion data and collect motion
|
|||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsAccessMotion MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmotion), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMotion**, with a value of 2 (two).
|
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy!LetAppsAccessMotion**, with a value of 2 (two).
|
||||||
|
|
||||||
### <a href="" id="bkmk-priv-tasks"></a>17.18 Tasks
|
### <a href="" id="bkmk-priv-tasks"></a>17.18 Tasks
|
||||||
@ -1366,6 +1471,14 @@ To turn this off:
|
|||||||
|
|
||||||
- Set the **Select a setting** box to **Force Deny**.
|
- Set the **Select a setting** box to **Force Deny**.
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsAccessTasks MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesstasks), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
### <a href="" id="bkmk-priv-diag"></a>17.19 App Diagnostics
|
### <a href="" id="bkmk-priv-diag"></a>17.19 App Diagnostics
|
||||||
|
|
||||||
In the **App diagnostics** area, you can choose which apps have access to your diagnostic information.
|
In the **App diagnostics** area, you can choose which apps have access to your diagnostic information.
|
||||||
@ -1378,6 +1491,15 @@ To turn this off:
|
|||||||
|
|
||||||
- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access dignostic information about other apps**
|
- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access dignostic information about other apps**
|
||||||
|
|
||||||
|
-or-
|
||||||
|
|
||||||
|
- Apply the Privacy/LetAppsGetDiagnosticInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsgetdiagnosticinfo), where:
|
||||||
|
|
||||||
|
- **0**. User in control
|
||||||
|
- **1**. Force allow
|
||||||
|
- **2**. Force deny
|
||||||
|
|
||||||
|
|
||||||
### <a href="" id="bkmk-spp"></a>18. Software Protection Platform
|
### <a href="" id="bkmk-spp"></a>18. Software Protection Platform
|
||||||
|
|
||||||
Enterprise customers can manage their Windows activation status with volume licensing using an on-premise Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
|
Enterprise customers can manage their Windows activation status with volume licensing using an on-premise Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
|
||||||
@ -1563,7 +1685,7 @@ If you're running Windows 10, version 1607 or later, you only need to enable the
|
|||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
- Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsSpotlightFeatures**, with a value of 1 (one).
|
- Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsSpotlightFeatures**, with a value of 1 (one).
|
||||||
|
|
||||||
If you're not running Windows 10, version 1607 or later, you can use the other options in this section.
|
If you're not running Windows 10, version 1607 or later, you can use the other options in this section.
|
||||||
|
|
||||||
|
|||||||
@ -27,7 +27,7 @@ localizationpriority: high
|
|||||||
|
|
||||||
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
|
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
|
||||||
|
|
||||||
Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see (Windows Defender ATP for Windows 10 Creators Update)[https://technet.microsoft.com/en-au/windows/mt782787].
|
Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see [Windows Defender ATP for Windows 10 Creators Update](https://technet.microsoft.com/en-au/windows/mt782787).
|
||||||
|
|
||||||
Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
|
Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user