deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 4483: Update to Policy CSP

Browse Source
This commit is contained in:
Maricia Alforque 2017-11-13 21:42:53 +00:00
parent 28cd6a63ef
commit ca774be030
7 changed files with 288 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -1026,6 +1026,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p> <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
<ul> <ul>
<li>Authentication/AllowAadPasswordReset</li> <li>Authentication/AllowAadPasswordReset</li>
<li>Authentication/AllowFidoDeviceSignon</li>
<li>Browser/LockdownFavorites</li> <li>Browser/LockdownFavorites</li>
<li>Browser/ProvisionFavorites</li> <li>Browser/ProvisionFavorites</li>
<li>CredentialProviders/DisableAutomaticReDeploymentCredentials</li> <li>CredentialProviders/DisableAutomaticReDeploymentCredentials</li>
@ -1080,9 +1081,11 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<li>Education/PrinterNames</li> <li>Education/PrinterNames</li>
<li>Search/AllowCloudSearch</li> <li>Search/AllowCloudSearch</li>
<li>Security/ClearTPMIfNotReady</li> <li>Security/ClearTPMIfNotReady</li>
<li>Storage/AllowDiskHealthModelUpdates</li>
<li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li> <li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li>
<li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork</li> <li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork</li>
<li>Update/DisableDualScan</li> <li>Update/DisableDualScan</li>
<li>Update/ManagePreviewBuilds</li>
<li>Update/ScheduledInstallEveryWeek</li> <li>Update/ScheduledInstallEveryWeek</li>
<li>Update/ScheduledInstallFirstWeek</li> <li>Update/ScheduledInstallFirstWeek</li>
<li>Update/ScheduledInstallFourthWeek</li> <li>Update/ScheduledInstallFourthWeek</li>
@ -1102,6 +1105,8 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<li>WindowsDefenderSecurityCenter/EnableInAppCustomization</li> <li>WindowsDefenderSecurityCenter/EnableInAppCustomization</li>
<li>WindowsDefenderSecurityCenter/Phone</li> <li>WindowsDefenderSecurityCenter/Phone</li>
<li>WindowsDefenderSecurityCenter/URL</li> <li>WindowsDefenderSecurityCenter/URL</li>
<li>WirelessDisplay/AllowMdnsAdvertisement</li>
<li>WirelessDisplay/AllowMdnsDiscovery</li>
</ul> </ul>
</td></tr> </td></tr>
</tbody> </tbody>
@ -1397,6 +1402,14 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<li>Defender/ControlledFolderAccessAllowedApplications - string separator is |.</li> <li>Defender/ControlledFolderAccessAllowedApplications - string separator is |.</li>
<li>Defender/ControlledFolderAccessProtectedFolders - string separator is |.</li> <li>Defender/ControlledFolderAccessProtectedFolders - string separator is |.</li>
</ul> </ul>
<p>Added the following policies for Windows 10, version 1709:</p>
<ul>
<li>Authentication/AllowFidoDeviceSignon</li>
<li>Storage/EnhancedStorageDevices</li>
<li>Update/ManagePreviewBuilds</li>
<li>WirelessDisplay/AllowMdnsAdvertisement</li>
<li>WirelessDisplay/AllowMdnsDiscovery</li>
</ul>
</td></tr> </td></tr>
<tr class="even"> <tr class="even">
<td style="vertical-align:top">[eUICCs CSP](euiccs-csp.md)</td> <td style="vertical-align:top">[eUICCs CSP](euiccs-csp.md)</td>

21
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -334,6 +334,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd> <dd>
<a href="./policy-csp-authentication.md#authentication-allowfastreconnect" id="authentication-allowfastreconnect">Authentication/AllowFastReconnect</a> <a href="./policy-csp-authentication.md#authentication-allowfastreconnect" id="authentication-allowfastreconnect">Authentication/AllowFastReconnect</a>
</dd> </dd>
<dd>
<a href="./policy-csp-authentication.md#authentication-allowfidodevicesignon" id="authentication-allowfidodevicesignon">Authentication/AllowFidoDeviceSignon</a>
</dd>
<dd> <dd>
<a href="./policy-csp-authentication.md#authentication-allowsecondaryauthenticationdevice" id="authentication-allowsecondaryauthenticationdevice">Authentication/AllowSecondaryAuthenticationDevice</a> <a href="./policy-csp-authentication.md#authentication-allowsecondaryauthenticationdevice" id="authentication-allowsecondaryauthenticationdevice">Authentication/AllowSecondaryAuthenticationDevice</a>
</dd> </dd>
@ -2397,9 +2400,15 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd> <dd>
<a href="./policy-csp-search.md#search-allowsearchtouselocation" id="search-allowsearchtouselocation">Search/AllowSearchToUseLocation</a> <a href="./policy-csp-search.md#search-allowsearchtouselocation" id="search-allowsearchtouselocation">Search/AllowSearchToUseLocation</a>
</dd> </dd>
<dd>
<a href="./policy-csp-search.md#search-allowstoringimagesfromvisionsearch">Search/AllowStoringImagesFromVisionSearch</a>
</dd>
<dd> <dd>
<a href="./policy-csp-search.md#search-allowusingdiacritics" id="search-allowusingdiacritics">Search/AllowUsingDiacritics</a> <a href="./policy-csp-search.md#search-allowusingdiacritics" id="search-allowusingdiacritics">Search/AllowUsingDiacritics</a>
</dd> </dd>
<dd>
<a href="./policy-csp-search.md#search-allowwindowsindexer" id="search-allowwindowsindexer">Search/AllowWindowsIndexer</a>
</dd>
<dd> <dd>
<a href="./policy-csp-search.md#search-alwaysuseautolangdetection" id="search-alwaysuseautolangdetection">Search/AlwaysUseAutoLangDetection</a> <a href="./policy-csp-search.md#search-alwaysuseautolangdetection" id="search-alwaysuseautolangdetection">Search/AlwaysUseAutoLangDetection</a>
</dd> </dd>
@ -2616,6 +2625,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd> <dd>
<a href="./policy-csp-storage.md#storage-enhancedstoragedevices" id="storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a> <a href="./policy-csp-storage.md#storage-enhancedstoragedevices" id="storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
</dd> </dd>
<dd>
<a href="./policy-csp-storage.md#storage-allowdiskhealthmodelupdates">Storage/AllowDiskHealthModelUpdates</a>
</dd>
</dl> </dl>
### System policies ### System policies
@ -2792,6 +2804,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd> <dd>
<a href="./policy-csp-update.md#update-ignoremoupdatedownloadlimit" id="update-ignoremoupdatedownloadlimit">Update/IgnoreMOUpdateDownloadLimit</a> <a href="./policy-csp-update.md#update-ignoremoupdatedownloadlimit" id="update-ignoremoupdatedownloadlimit">Update/IgnoreMOUpdateDownloadLimit</a>
</dd> </dd>
<dd>
<a href="./policy-csp-update.md#update-managepreviewbuilds">Update/ManagePreviewBuilds</a>
</dd>
<dd> <dd>
<a href="./policy-csp-update.md#update-pausedeferrals" id="update-pausedeferrals">Update/PauseDeferrals</a> <a href="./policy-csp-update.md#update-pausedeferrals" id="update-pausedeferrals">Update/PauseDeferrals</a>
</dd> </dd>
@ -2955,6 +2970,12 @@ The following diagram shows the Policy configuration service provider in tree fo
### WirelessDisplay policies ### WirelessDisplay policies
<dl> <dl>
<dd>
<a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowmdnsadvertisement">WirelessDisplay/AllowMdnsAdvertisement</a>
</dd>
<dd>
<a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowmdnsdiscovery">WirelessDisplay/AllowMdnsDiscovery</a>
</dd>
<dd> <dd>
<a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectionfrompc" id="wirelessdisplay-allowprojectionfrompc">WirelessDisplay/AllowProjectionFromPC</a> <a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectionfrompc" id="wirelessdisplay-allowprojectionfrompc">WirelessDisplay/AllowProjectionFromPC</a>
</dd> </dd>

43
windows/client-management/mdm/policy-csp-authentication.md
View File

@ -28,6 +28,9 @@ ms.date: 11/01/2017
<dd> <dd>
<a href="#authentication-allowfastreconnect">Authentication/AllowFastReconnect</a> <a href="#authentication-allowfastreconnect">Authentication/AllowFastReconnect</a>
</dd> </dd>
<dd>
<a href="#authentication-allowfidodevicesignon">Authentication/AllowFidoDeviceSignon</a>
</dd>
<dd> <dd>
<a href="#authentication-allowsecondaryauthenticationdevice">Authentication/AllowSecondaryAuthenticationDevice</a> <a href="#authentication-allowsecondaryauthenticationdevice">Authentication/AllowSecondaryAuthenticationDevice</a>
</dd> </dd>
@ -171,6 +174,46 @@ ms.date: 11/01/2017
<p style="margin-left: 20px">Most restricted value is 0. <p style="margin-left: 20px">Most restricted value is 0.
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="authentication-allowfidodevicesignon"></a>**Authentication/AllowFidoDeviceSignon**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709. Specifies whether Fast Identity Online (FIDO) device can be used to sign on.
<p style="margin-left: 20px">The following list shows the supported values:
- 0 - Do not allow. The FIDO device credential provider disabled. 
- 1 - Allow. The FIDO device credential provider is enabled and allows usage of FIDO devices to sign into an Windows.
<p style="margin-left: 20px">Value type is integer.
<!--EndDescription--> <!--EndDescription-->
<!--EndPolicy--> <!--EndPolicy-->
<hr/> <hr/>

48
windows/client-management/mdm/policy-csp-search.md
View File

@ -28,9 +28,15 @@ ms.date: 11/01/2017
<dd> <dd>
<a href="#search-allowsearchtouselocation">Search/AllowSearchToUseLocation</a> <a href="#search-allowsearchtouselocation">Search/AllowSearchToUseLocation</a>
</dd> </dd>
<dd>
<a href="#search-allowstoringimagesfromvisionsearch">Search/AllowStoringImagesFromVisionSearch</a>
</dd>
<dd> <dd>
<a href="#search-allowusingdiacritics">Search/AllowUsingDiacritics</a> <a href="#search-allowusingdiacritics">Search/AllowUsingDiacritics</a>
</dd> </dd>
<dd>
<a href="#search-allowwindowsindexer">Search/AllowWindowsIndexer</a>
</dd>
<dd> <dd>
<a href="#search-alwaysuseautolangdetection">Search/AlwaysUseAutoLangDetection</a> <a href="#search-alwaysuseautolangdetection">Search/AlwaysUseAutoLangDetection</a>
</dd> </dd>
@ -195,6 +201,15 @@ ms.date: 11/01/2017
<p style="margin-left: 20px">Most restricted value is 0. <p style="margin-left: 20px">Most restricted value is 0.
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="search-allowstoringimagesfromvisionsearch"></a>**Search/AllowStoringImagesFromVisionSearch**
<!--StartDescription-->
<p style="margin-left: 20px">This policy has been deprecated.
<!--EndDescription--> <!--EndDescription-->
<!--EndPolicy--> <!--EndPolicy-->
<hr/> <hr/>
@ -243,6 +258,39 @@ ms.date: 11/01/2017
<p style="margin-left: 20px">Most restricted value is 0. <p style="margin-left: 20px">Most restricted value is 0.
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="search-allowwindowsindexer"></a>**Search/AllowWindowsIndexer**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartDescription-->
<p style="margin-left: 20px">Allow Windows indexer. Value type is integer.
<!--EndDescription--> <!--EndDescription-->
<!--EndPolicy--> <!--EndPolicy-->
<hr/> <hr/>

43
windows/client-management/mdm/policy-csp-storage.md
View File

@ -22,6 +22,9 @@ ms.date: 11/01/2017
<dd> <dd>
<a href="#storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a> <a href="#storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
</dd> </dd>
<dd>
<a href="#storage-allowdiskhealthmodelupdates">Storage/AllowDiskHealthModelUpdates</a>
</dd>
</dl> </dl>
<hr/> <hr/>
@ -85,6 +88,46 @@ ADMX Info:
<!--EndADMX--> <!--EndADMX-->
<!--EndPolicy--> <!--EndPolicy-->
<hr/> <hr/>
<!--StartPolicy-->
<a href="" id="storage-allowdiskhealthmodelupdates"></a>**Storage/AllowDiskHealthModelUpdates**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709. Allows disk health model updates.
<p style="margin-left: 20px">The following list shows the supported values:
- 0 - Do not allow
- 1 (default) - Allow
<p style="margin-left: 20px">Value type is integer.
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
Footnote: Footnote:

42
windows/client-management/mdm/policy-csp-update.md
View File

@ -94,6 +94,9 @@ ms.date: 11/01/2017
<dd> <dd>
<a href="#update-ignoremoupdatedownloadlimit">Update/IgnoreMOUpdateDownloadLimit</a> <a href="#update-ignoremoupdatedownloadlimit">Update/IgnoreMOUpdateDownloadLimit</a>
</dd> </dd>
<dd>
<a href="#update-managepreviewbuilds">Update/ManagePreviewBuilds</a>
</dd>
<dd> <dd>
<a href="#update-pausedeferrals">Update/PauseDeferrals</a> <a href="#update-pausedeferrals">Update/PauseDeferrals</a>
</dd> </dd>
@ -1453,6 +1456,45 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
3. Verify that any downloads that are above the download size limit will complete without being paused. 3. Verify that any downloads that are above the download size limit will complete without being paused.
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="update-managepreviewbuilds"></a>**Update/ManagePreviewBuilds**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
</tr>
</table>
<!--EndSKU-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer.
<p style="margin-left: 20px">The following list shows the supported values:
- 0 - Disable Preview builds
- 1 - Disable Preview builds once the next release is public
- 2 - Enable Preview builds
<!--EndDescription--> <!--EndDescription-->
<!--EndPolicy--> <!--EndPolicy-->
<hr/> <hr/>

78
windows/client-management/mdm/policy-csp-wirelessdisplay.md
View File

@ -19,6 +19,12 @@ ms.date: 11/01/2017
## WirelessDisplay policies ## WirelessDisplay policies
<dl> <dl>
<dd>
<a href="#wirelessdisplay-allowmdnsadvertisement">WirelessDisplay/AllowMdnsAdvertisement</a>
</dd>
<dd>
<a href="#wirelessdisplay-allowmdnsdiscovery">WirelessDisplay/AllowMdnsDiscovery</a>
</dd>
<dd> <dd>
<a href="#wirelessdisplay-allowprojectionfrompc">WirelessDisplay/AllowProjectionFromPC</a> <a href="#wirelessdisplay-allowprojectionfrompc">WirelessDisplay/AllowProjectionFromPC</a>
</dd> </dd>
@ -39,6 +45,78 @@ ms.date: 11/01/2017
</dd> </dd>
</dl> </dl>
<hr/>
<!--StartPolicy-->
<a href="" id="wirelessdisplay-allowmdnsadvertisement"></a>**WirelessDisplay/AllowMdnsAdvertisement**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
</tr>
</table>
<!--EndSKU-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement.
- 0 - Do not allow
- 1 - Allow
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="wirelessdisplay-allowmdnsdiscovery"></a>**WirelessDisplay/AllowMdnsDiscovery**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
</tr>
</table>
<!--EndSKU-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery.
- 0 - Do not allow
- 1 - Allow
<!--EndDescription-->
<!--EndPolicy-->
<hr/> <hr/>
<!--StartPolicy--> <!--StartPolicy-->
<a href="" id="wirelessdisplay-allowprojectionfrompc"></a>**WirelessDisplay/AllowProjectionFromPC** <a href="" id="wirelessdisplay-allowprojectionfrompc"></a>**WirelessDisplay/AllowProjectionFromPC**