deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into patch-29

Browse Source
This commit is contained in:
Paolo Matarazzo 2023-02-09 10:15:50 -05:00 committed by GitHub
commit cba8cfd16c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 705 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
.openpublishing.redirection.json
View File

@ -19463,7 +19463,7 @@
{
"source_path": "windows/security/threat-protection/intelligence/rootkits-malware.md",
"redirect_url": "/microsoft-365/security/intelligence/rootkits-malware",
"redirect_document_id": false
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/safety-scanner-download.md",
@ -20114,7 +20114,7 @@
"source_path": "windows/deployment/update/update-compliance-v2-enable.md",
"redirect_url": "/windows/deployment/update/wufb-reports-enable",
"redirect_document_id": false
},
},
{
"source_path": "windows/deployment/update/update-compliance-v2-help.md",
"redirect_url": "/windows/deployment/update/wufb-reports-help",
@ -20124,22 +20124,22 @@
"source_path": "windows/deployment/update/update-compliance-v2-overview.md",
"redirect_url": "/windows/deployment/update/wufb-reports-overview",
"redirect_document_id": false
},
},
{
"source_path": "windows/deployment/update/update-compliance-v2-prerequisites.md",
"redirect_url": "/windows/deployment/update/wufb-reports-prerequisites",
"redirect_document_id": false
},
},
{
"source_path": "windows/deployment/update/update-compliance-v2-schema-ucclient.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclient",
"redirect_document_id": false
},
},
{
"source_path": "windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus",
"redirect_document_id": false
},
},
{
"source_path": "windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus",
@ -20149,17 +20149,17 @@
"source_path": "windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema-ucdevicealert",
"redirect_document_id": false
},
},
{
"source_path": "windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus",
"redirect_document_id": false
},
},
{
"source_path": "windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema-ucupdatealert",
"redirect_document_id": false
},
},
{
"source_path": "windows/deployment/update/update-compliance-v2-schema.md",
"redirect_url": "/windows/deployment/update/wufb-reports-schema",
@ -20194,7 +20194,7 @@
"source_path": "windows/deployment/planning/features-lifecycle.md",
"redirect_url": "/windows/whats-new/feature-lifecycle",
"redirect_document_id": false
},
},
{
"source_path": "windows/deployment/planning/windows-10-deprecated-features.md",
"redirect_url": "/windows/whats-new/deprecated-features",
@ -20205,7 +20205,7 @@
"redirect_url": "/windows/whats-new/removed-features",
"redirect_document_id": false
},
{
{
"source_path": "windows/deployment/usmt/usmt-common-issues.md",
"redirect_url": "/troubleshoot/windows-client/deployment/usmt-common-issues",
"redirect_document_id": false
@ -20514,6 +20514,11 @@
"source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md",
"redirect_url": "/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies",
"redirect_document_id": true
},
{
"source_path": "windows/client-management/mdm/policy-ddf-file.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-ddf",
"redirect_document_id": true
}
]
}

8
windows/client-management/change-history-for-mdm-documentation.md
View File

@ -185,7 +185,7 @@ As of November 2020 This page will no longer be updated. This article lists new
|[RemoteWipe CSP](mdm/remotewipe-csp.md)|Added new settings in Windows 10, version 1809.|
|[TenantLockdown CSP](mdm/tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.|
|[WindowsDefenderApplicationGuard CSP](mdm/windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.|
|[Policy DDF file](mdm/policy-ddf-file.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.|
|[Policy DDF file](mdm/configuration-service-provider-ddf.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:<li>Browser/AllowFullScreenMode<li>Browser/AllowPrelaunch<li>Browser/AllowPrinting<li>Browser/AllowSavingHistory<li>Browser/AllowSideloadingOfExtensions<li>Browser/AllowTabPreloading<li>Browser/AllowWebContentOnNewTabPage<li>Browser/ConfigureFavoritesBar<li>Browser/ConfigureHomeButton<li>Browser/ConfigureKioskMode<li>Browser/ConfigureKioskResetAfterIdleTimeout<li>Browser/ConfigureOpenMicrosoftEdgeWith<li>Browser/ConfigureTelemetryForMicrosoft365Analytics<li>Browser/PreventCertErrorOverrides<li>Browser/SetHomeButtonURL<li>Browser/SetNewTabPageURL<li>Browser/UnlockHomeButton<li>Experience/DoNotSyncBrowserSettings<li>Experience/PreventUsersFromTurningOnBrowserSyncing<li>Kerberos/UPNNameHints<li>Privacy/AllowCrossDeviceClipboard<li>Privacy<li>DisablePrivacyExperience<li>Privacy/UploadUserActivities<li>System/AllowDeviceNameInDiagnosticData<li>System/ConfigureMicrosoft365UploadEndpoint<li>System/DisableDeviceDelete<li>System/DisableDiagnosticDataViewer<li>Storage/RemovableDiskDenyWriteAccess<li>Update/UpdateNotificationLevel<br/><br/>Start/DisableContextMenus - added in Windows 10, version 1803.<br/><br/>RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.|
## July 2018
@ -217,7 +217,7 @@ As of November 2020 This page will no longer be updated. This article lists new
|New or updated article|Description|
|--- |--- |
|[Policy DDF file](mdm/policy-ddf-file.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.<li>[Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)<li>[Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)|
|[Policy DDF file](mdm/configuration-service-provider-ddf.md)|Updated the DDF files in the Windows 10 version 1703 and 1709.<li>[Download the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)<li>[Download the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)|
## April 2018
@ -281,7 +281,7 @@ As of November 2020 This page will no longer be updated. This article lists new
| New or updated article | Description |
| --- | --- |
| [Policy DDF file](mdm/policy-ddf-file.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. |
| [Policy DDF file](mdm/configuration-service-provider-ddf.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. |
| [Policy CSP](mdm/policy-configuration-service-provider.md) | Updated the following policies:<br/><br/>- Defender/ControlledFolderAccessAllowedApplications - string separator is `|` <br/>- Defender/ControlledFolderAccessProtectedFolders - string separator is `|` |
| [eUICCs CSP](mdm/euiccs-csp.md) | Added new CSP in Windows 10, version 1709. |
| [AssignedAccess CSP](mdm/assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. |
@ -313,5 +313,5 @@ As of November 2020 This page will no longer be updated. This article lists new
|[Office CSP](mdm/office-csp.md)|Added the following setting in Windows 10, version 1709:<li>Installation/CurrentStatus|
|[BitLocker CSP](mdm/bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to four digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.|
|[Firewall CSP](mdm/firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:<li>Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.<li>Changed some data types from integer to bool.<li>Updated the list of supported operations for some settings.<li>Added default values.|
|[Policy DDF file](mdm/policy-ddf-file.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:<li>Browser/AllowMicrosoftCompatibilityList<li>Update/DisableDualScan<li>Update/FillEmptyContentUrls|
|[Policy DDF file](mdm/configuration-service-provider-ddf.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:<li>Browser/AllowMicrosoftCompatibilityList<li>Update/DisableDualScan<li>Update/FillEmptyContentUrls|
|[Policy CSP](mdm/policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:<li>Browser/ProvisionFavorites<li>Browser/LockdownFavorites<li>ExploitGuard/ExploitProtectionSettings<li>Games/AllowAdvancedGamingServices<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts<li>LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly<li>LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount<li>LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount<li>LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL<li>LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations<li>LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode<li>LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation<li>LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations<li>Privacy/EnableActivityFeed<li>Privacy/PublishUserActivities<li>Update/DisableDualScan<li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork<br/><br/>Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.<br/><br/>Changed the names of the following policies:<li>Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications<li>Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders<li>Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess<br/><br/>Added links to the extra [ADMX-backed BitLocker policies](mdm/policy-csp-bitlocker.md).<br/><br/>There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:<li>Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts<li>Start/HideAppList|

581
windows/client-management/mdm/configuration-service-provider-ddf.md
View File

@ -1,7 +1,7 @@
---
title: Configuration service provider DDF files
description: Learn more about the OMA DM device description framework (DDF) for various configuration service providers
ms.reviewer:
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
@ -14,9 +14,571 @@ ms.collection: highpri
# Configuration service provider DDF files
This topic shows the OMA DM device description framework (DDF) for various configuration service providers. DDF files are used only with OMA DM provisioning XML.
This article lists the OMA DM device description framework (DDF) files for various configuration service providers. DDF files are used only with OMA DM provisioning XML.
You can download the DDF files for various CSPs from the links below:
As of December 2022, DDF XML schema was updated to include additional information such as OS build applicability. DDF v2 XML files for Windows 10 and Windows 11 are combined, and provided in a single download:
- [DDF v2 Files, December 2022](https://download.microsoft.com/download/7/4/c/74c6daca-983e-4f16-964a-eef65b553a37/DDFv2December2022.zip)
## DDF v2 schema
DDF v2 XML schema definition is listed below along with the schema definition for the referenced `MSFT` namespace.
- Schema definition for DDF v2:
```xml
<?xml version="1.0" encoding="Windows-1252"?>
<xs:schema xmlns="http://tempuri.org/DM_DDF-V1_2" elementFormDefault="qualified" targetNamespace="http://tempuri.org/DM_DDF-V1_2"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<xs:import schemaLocation="DDFv2Msft.xsd" namespace="http://schemas.microsoft.com/MobileDevice/DM" />
<xs:element name="MgmtTree">
<xs:annotation>
<xs:documentation>Starting point for DDF</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="VerDTD" />
<xs:element minOccurs="1" ref="MSFT:Diagnostics" />
<xs:element minOccurs="1" maxOccurs="unbounded" ref="Node" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="VerDTD" type="xs:string" />
<xs:element name="Node">
<xs:annotation>
<xs:documentation>Main Recurring XML tag describing nodes of the CSP</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="NodeName" />
<xs:element minOccurs="0" maxOccurs="1" ref="Path" />
<xs:element minOccurs="1" maxOccurs="1" ref="DFProperties" />
<xs:choice>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="Node" />
</xs:choice>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="NodeName" type="xs:anyURI" />
<xs:element name="Path" type="xs:anyURI" />
<xs:element name="MIME" type="xs:string" />
<xs:element name="DDFName" type="xs:string" />
<xs:element name="DFProperties">
<xs:complexType>
<xs:sequence>
<xs:element ref="AccessType" />
<xs:element minOccurs="0" maxOccurs="1" ref="DefaultValue" />
<xs:element minOccurs="0" maxOccurs="1" ref="Description" />
<xs:element ref="DFFormat" />
<xs:element minOccurs="0" maxOccurs="1" ref="Occurrence" />
<xs:element minOccurs="0" maxOccurs="1" ref="Scope" />
<xs:element minOccurs="0" maxOccurs="1" ref="DFTitle" />
<xs:element ref="DFType" />
<xs:element minOccurs="0" maxOccurs="1" ref="CaseSense" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:Applicability" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:DynamicNodeNaming" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:AllowedValues" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:ReplaceBehavior" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:RebootBehavior" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:GpMapping" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:CommonErrorResults" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:Deprecated" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:DependencyBehavior" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:ConflictResolution" />
<xs:element minOccurs="0" maxOccurs="1" ref="MSFT:AtomicRequired" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="AccessType">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="1" name="Add" />
<xs:element minOccurs="0" maxOccurs="1" name="Copy" />
<xs:element minOccurs="0" maxOccurs="1" name="Delete" />
<xs:element minOccurs="0" maxOccurs="1" name="Exec" />
<xs:element minOccurs="0" maxOccurs="1" name="Get" />
<xs:element minOccurs="0" maxOccurs="1" name="Replace" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="DefaultValue" type="xs:string" />
<xs:element name="Description" type="xs:string" />
<xs:element name="DFFormat">
<xs:complexType>
<xs:choice>
<xs:element name="b64" />
<xs:element name="bin" />
<xs:element name="bool" />
<xs:element name="chr" />
<xs:element name="int" />
<xs:element name="node" />
<xs:element name="null" />
<xs:element name="xml" />
<xs:element name="date" />
<xs:element name="time" />
<xs:element name="float" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="Occurrence">
<xs:complexType>
<xs:choice>
<xs:element name="One" />
<xs:element name="ZeroOrOne" />
<xs:element name="ZeroOrMore" />
<xs:element name="OneOrMore" />
<xs:element name="ZeroOrN" type="xs:integer" />
<xs:element name="OneOrN" type="xs:integer" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="Scope">
<xs:complexType>
<xs:choice>
<xs:element name="Permanent" />
<xs:element name="Dynamic" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="DFTitle" type="xs:string" />
<xs:element name="DFType">
<xs:complexType>
<xs:choice>
<xs:element minOccurs="1" maxOccurs="unbounded" ref="MIME" />
<xs:element ref="DDFName" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="CaseSense">
<xs:complexType>
<xs:choice>
<xs:element name="CS" />
<xs:element name="CIS" />
</xs:choice>
</xs:complexType>
</xs:element>
</xs:schema>
```
- Schema definition for the `MSFT` namespace:
```xml
<?xml version="1.0" encoding="utf-8"?>
<xs:schema elementFormDefault="qualified" xmlns="http://schemas.microsoft.com/MobileDevice/DM" targetNamespace="http://schemas.microsoft.com/MobileDevice/DM" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="Diagnostics" type="xs:string">
<xs:annotation>
<xs:documentation>This node contains an XML blob that can be used as an argument to the DiagnosticsLogCSP to pull diagnostics for a feature.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Deprecated">
<xs:annotation>
<xs:documentation>This node marks that a feature is deprecated. If included, OsBuildDeprecated gives the OS Build version that the node is no longer recommended to be set.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="OsBuildDeprecated" type="xs:string" />
</xs:complexType>
</xs:element>
<xs:element name="DynamicNodeNaming">
<xs:annotation>
<xs:documentation>This node contains information on how to dynamically name the node such that the name is valid.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:choice>
<xs:element name="ServerGeneratedUniqueIdentifier">
<xs:annotation>
<xs:documentation>This indicates that the server should generate a unique identifier for the node.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="ClientInventory">
<xs:annotation>
<xs:documentation>This indicates that the client will generate the name of the node based on the device state (such as inventorying apps).</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="UniqueName" type="xs:string">
<xs:annotation>
<xs:documentation>This indicates that the server should name the node, and the value listed gives a regex to define what is allowed.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="ConflictResolution" default="NoMerge">
<xs:simpleType>
<xs:annotation>
<xs:documentation>The type of the conflict resolution.</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:enumeration value="NoMerge">
<xs:annotation>
<xs:documentation>No policy merge.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LowestValueMostSecure">
<xs:annotation>
<xs:documentation>The lowest value is the most secure policy value.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="HighestValueMostSecure">
<xs:annotation>
<xs:documentation>The highest value is the most secure policy value.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LastWrite">
<xs:annotation>
<xs:documentation>The last written value is current value</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="LowestValueMostSecureZeroHasNoLimits">
<xs:annotation>
<xs:documentation>The lowest value is the most secure policy value unless the value is zero.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="HighestValueMostSecureZeroHasNoLimits">
<xs:annotation>
<xs:documentation>The highest value is the most secure policy value unless the value is zero.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="Applicability">
<xs:annotation>
<xs:documentation>These tags indicate what are required on the device for the node to be applicable to configured. These tags can be inherited by children nodes.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="1" name="OsBuildVersion" type="xs:string">
<xs:annotation>
<xs:documentation>This tag describes the first build that a feature is released to. If the feature was backported, multiple OS versions will be listed, such that the OS build version without a minor number is the first "major release."</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="CspVersion" type="xs:decimal">
<xs:annotation>
<xs:documentation>This tag describes the lowest CSP Version that the node was released to.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="EditionAllowList" type="xs:string">
<xs:annotation>
<xs:documentation>This tag describes the list of Edition IDs that the features is allowed on. 0x88* refers to Windows Holographic for Business.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="RequiresAzureAd">
<xs:annotation>
<xs:documentation>This tag indicates that the node requires the device to be Azure Active Directory Joined to be applicable.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="AllowedValues">
<xs:annotation>
<xs:documentation>These tags describe what values are allowed to be set for this particular node.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:group ref="AllowedValuesGroup" />
<xs:attributeGroup ref="AllowedValuesAttributeGroup" />
</xs:complexType>
</xs:element>
<xs:attributeGroup name="AllowedValuesAttributeGroup">
<xs:attribute name="ValueType" use="required">
<xs:annotation>
<xs:documentation>This attribute describes what kind of Allowed Values tag this is.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="XSD">
<xs:annotation>
<xs:documentation>This attribute indicates that the Value tag contains an XSD for the node.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="RegEx">
<xs:annotation>
<xs:documentation>This attribute indicates that the Value tag contains a RegEx for the node.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="ADMX">
<xs:annotation>
<xs:documentation>This attribute indicates that the node can be described by an external ADMX file.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="JSON">
<xs:annotation>
<xs:documentation>This attribute indicates that the node can be described by a JSON schema.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="ENUM">
<xs:annotation>
<xs:documentation>This attribute indicates that the allowed values are an enumeration.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Flag">
<xs:annotation>
<xs:documentation>This attribute indicates that the allowed values can be combined into a bitwise flag.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Range">
<xs:annotation>
<xs:documentation>This attribute indicates that the allowed values are a numerical range.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="SDDL">
<xs:annotation>
<xs:documentation>This attribute indicates that the allowed values are a string in the SDDL format.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="None">
<xs:annotation>
<xs:documentation>This attribute indicates there is no data-driven way to define the allowed values of the node. This potentially means that all string values are valid values.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:attributeGroup>
<xs:group name="AllowedValuesGroup">
<xs:sequence>
<xs:group minOccurs="0" maxOccurs="1" ref="AllowedValueGroupedNodes" />
<xs:element minOccurs="0" maxOccurs="1" name="List">
<xs:annotation>
<xs:documentation>This tag indicates that the node input can contain multiple, delimited values.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="Delimiter" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute details the delimeter used for the list of values.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:group>
<xs:group name="ValueAndDescriptionGroup">
<xs:sequence>
<xs:element name="Value" type="xs:string">
<xs:annotation>
<xs:documentation>This tag indicates an allowed value.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="ValueDescription" type="xs:string">
<xs:annotation>
<xs:documentation>This tag gives further description to an allowed value, such as for an enumeration.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:group>
<xs:group name="AllowedValueGroupedNodes">
<xs:choice>
<xs:element ref="Enum" maxOccurs="unbounded" />
<xs:group ref="ValueAndDescriptionGroup" />
<xs:element ref="AdmxBacked" />
</xs:choice>
</xs:group>
<xs:element name="Enum">
<xs:annotation>
<xs:documentation>This tag gives details for one particular enumeration of the allowed values.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:group ref="ValueAndDescriptionGroup" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="AdmxBacked">
<xs:annotation>
<xs:documentation>This tag indicates the relevent details for the corresponding ADMX policy for this node.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="Area" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute gives the area path of the ADMX policy.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Name" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute gives the name of the ADMX policy.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="File" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute gives the filename for the ADMX policy.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="ReplaceBehavior" default="Replace">
<xs:annotation>
<xs:documentation>This tag details the replace behavior of the node.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="Append">
<xs:annotation>
<xs:documentation>When performing a replace operation on this node, the value is appending to the existing node data.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Replace">
<xs:annotation>
<xs:documentation>When performing a replace operation on this node, the existing node data is removed before new data is added.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="RebootBehavior" default="None">
<xs:annotation>
<xs:documentation>This tag describes the reboot behavior of the node.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="None">
<xs:annotation>
<xs:documentation>No reboot is required for this node.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Automatic">
<xs:annotation>
<xs:documentation>This node will automatically perform a reboot to take effect.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="ServerInitiated">
<xs:annotation>
<xs:documentation>This node needs a reboot initiated from an external source to take effect.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="GpMapping">
<xs:annotation>
<xs:documentation>This tag details the information necessary to map this node to an existing group policy.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="GpEnglishName" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute details the English name of the GP.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GpAreaPath" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute details the area path of the GP.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GpElement" type="xs:string">
<xs:annotation>
<xs:documentation>This attribute details a particular element of a GP that the CSP node maps to.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="CommonErrorResults">
<xs:annotation>
<xs:documentation>This tag lists out common error HRESULTS reported by the CSP and English text to associate with them.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="CommonErrorOne" type="xs:string" />
<xs:element name="CommonErrorTwo" type="xs:string" />
<xs:element name="CommonErrorThree" type="xs:string" />
<xs:element name="CommonErrorFour" type="xs:string" />
<xs:element name="CommonErrorFive" type="xs:string" />
<xs:element name="CommonErrorSix" type="xs:string" />
<xs:element name="CommonErrorSeven" type="xs:string" />
<xs:element name="CommonErrorEight" type="xs:string" />
<xs:element name="CommonErrorNine" type="xs:string" />
<xs:element name="CommonErrorTen" type="xs:string" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="AtomicRequired">
<xs:annotation>
<xs:documentation>This tag indicates that this node and all children nodes should be enclosed by an Atomic tag when being sent to the client.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="DependencyBehavior">
<xs:annotation>
<xs:documentation>These tags detail potential dependencies that the current CSP node has on other nodes in the same CSP.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="DependencyGroup" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="Dependency">
<xs:annotation>
<xs:documentation>This tag describes a dependency that the current CSP node has on another nodes in the same CSP.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="DependencyUri" type="xs:anyURI">
<xs:annotation>
<xs:documentation>The URI that the current CSP node has a dependency on.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element ref="DependencyAllowedValue" />
</xs:sequence>
<xs:attribute name="Type" use="required">
<xs:annotation>
<xs:documentation>This tag details the kind of dependency.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="DependsOn">
<xs:annotation>
<xs:documentation>The current node depends on the dependency holding a certain value.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="Not">
<xs:annotation>
<xs:documentation>The current node depends on the dependency not holding a certain value.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="DependencyGroup">
<xs:annotation>
<xs:documentation>This tag details one specific dependency. A node might have multiple different dependencies.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="1" ref="DependencyChangedAllowedValues" />
<xs:element ref="Dependency" maxOccurs="unbounded" />
</xs:sequence>
<xs:attribute name="FriendlyId" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>This attribute gives a friendly ID to the dependency, to differentiate it from other dependencies.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="DependencyAllowedValue">
<xs:annotation>
<xs:documentation>This tag details the values that the dependency must be set to for the dependency to be satisfied.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:group ref="AllowedValuesGroup" />
<xs:attributeGroup ref="AllowedValuesAttributeGroup" />
</xs:complexType>
</xs:element>
<xs:element name="DependencyChangedAllowedValues">
<xs:annotation>
<xs:documentation>This tag details a change to the current node's allowed values if the dependency is satisfied.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:group ref="AllowedValuesGroup" />
<xs:attributeGroup ref="AllowedValuesAttributeGroup" />
</xs:complexType>
</xs:element>
</xs:schema>
```
## Older DDF files
You can download the older DDF files for various CSPs from the links below:
- [Download all the DDF files for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/Windows10_2004_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip)
@ -26,4 +588,15 @@ You can download the DDF files for various CSPs from the links below:
- [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1607](https://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
You can download DDF file for Policy CSP from [Policy DDF file](policy-ddf-file.md).
You can download the older Policy area DDF files by clicking the following links:
- [View the Policy DDF file for Windows 10, version 20H2](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_20H2.xml)
- [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml)
- [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
- [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
- [View the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1803 release C](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
- [View the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1607](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
- [View the Policy DDF file for Windows 10, version 1607 release 8C](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)

2
windows/client-management/mdm/index.yml
View File

@ -47,7 +47,7 @@ landingContent:
- text: Policy CSP
url: policy-configuration-service-provider.md
- text: Policy DDF file
url: policy-ddf-file.md
url: configuration-service-provider-ddf.md
- text: Policy CSP - Start
url: policy-csp-start.md
- text: Policy CSP - Update

3
windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
View File

@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 01/30/2023
ms.date: 02/03/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -814,6 +814,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
- [SetPolicyDrivenUpdateSourceForOtherUpdates](policy-csp-update.md)
- [SetEDURestart](policy-csp-update.md)
- [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](policy-csp-update.md)
- [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md)
- [SetDisableUXWUAccess](policy-csp-update.md)
- [SetDisablePauseUXAccess](policy-csp-update.md)
- [UpdateNotificationLevel](policy-csp-update.md)

2
windows/client-management/mdm/policy-csp-controlpolicyconflict.md
View File

@ -58,7 +58,7 @@ This ensures that:
- The current Policy Manager policies are refreshed from what MDM has set
- Any values set by scripts/user outside of GP that conflict with MDM are removed
The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the policies with equivalent GP:
The [Policy DDF](configuration-service-provider-ddf.md) contains the following tags to identify the policies with equivalent GP:
- \<MSFT:ADMXBacked\>
- \<MSFT:ADMXMapped\>

2
windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
View File

@ -19,7 +19,7 @@ ms.topic: reference
<!-- LocalPoliciesSecurityOptions-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!NOTE]
> To find data formats (and other policy-related details), see [Policy DDF file](./policy-ddf-file.md).
> To find data formats (and other policy-related details), see [Policy DDF file](./configuration-service-provider-ddf.md).
<!-- LocalPoliciesSecurityOptions-Editable-End -->
<!-- Accounts_BlockMicrosoftAccounts-Begin -->

83
windows/client-management/mdm/policy-csp-update.md
View File

@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP.
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 01/18/2023
ms.date: 02/03/2023
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@ -16,6 +16,9 @@ ms.topic: reference
<!-- Update-Begin -->
# Policy CSP - Update
> [!IMPORTANT]
> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview.
<!-- Update-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Update-Editable-End -->
@ -23,6 +26,7 @@ ms.topic: reference
Update CSP policies are listed below based on the group policy area:
- [Windows Insider Preview](#windows-insider-preview)
- [AllowTemporaryEnterpriseFeatureControl](#allowtemporaryenterprisefeaturecontrol)
- [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates)
- [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates)
- [Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update)
@ -103,6 +107,75 @@ Update CSP policies are listed below based on the group policy area:
## Windows Insider Preview
<!-- AllowTemporaryEnterpriseFeatureControl-Begin -->
### AllowTemporaryEnterpriseFeatureControl
<!-- AllowTemporaryEnterpriseFeatureControl-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
<!-- AllowTemporaryEnterpriseFeatureControl-Applicability-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/Update/AllowTemporaryEnterpriseFeatureControl
```
<!-- AllowTemporaryEnterpriseFeatureControl-OmaUri-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-Description-Begin -->
<!-- Description-Source-ADMX -->
Features introduced via servicing (outside of the annual feature update) are off by default for devices that have their Windows updates managed*.
- If this policy is configured to "Enabled", then all features available in the latest monthly quality update installed will be on.
- If this policy is set to "Not Configured" or "Disabled" then features that are shipped via a monthly quality update (servicing) will remain off until the feature update that includes these features is installed.
*Windows update managed devices are those that have their Windows updates managed via policy; whether via the cloud using Windows Update for Business or on-premises with Windows Server Update Services (WSUS).
<!-- AllowTemporaryEnterpriseFeatureControl-Description-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- AllowTemporaryEnterpriseFeatureControl-Editable-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- AllowTemporaryEnterpriseFeatureControl-DFProperties-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 (Default) | Not allowed. |
| 1 | Allowed. |
<!-- AllowTemporaryEnterpriseFeatureControl-AllowedValues-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | AllowTemporaryEnterpriseFeatureControl |
| Friendly Name | Enable features introduced via servicing that are off by default |
| Location | Computer Configuration |
| Path | Windows Components > Windows Update > Manage end user experience |
| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate |
| Registry Value Name | AllowTemporaryEnterpriseFeatureControl |
| ADMX File Name | WindowsUpdate.admx |
<!-- AllowTemporaryEnterpriseFeatureControl-GpMapping-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- AllowTemporaryEnterpriseFeatureControl-Examples-End -->
<!-- AllowTemporaryEnterpriseFeatureControl-End -->
<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Begin -->
### ConfigureDeadlineNoAutoRebootForFeatureUpdates
@ -2589,7 +2662,7 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2
<!-- ScheduledInstallDay-Description-Begin -->
<!-- Description-Source-DDF -->
Enables the IT admin to schedule the day of the update installation. The data type is a integer.
Enables the IT admin to schedule the day of the update installation. The data type is an integer.
<!-- ScheduledInstallDay-Description-End -->
<!-- ScheduledInstallDay-Editable-Begin -->
@ -2660,7 +2733,7 @@ Enables the IT admin to schedule the day of the update installation. The data ty
<!-- ScheduledInstallEveryWeek-Description-Begin -->
<!-- Description-Source-DDF -->
Enables the IT admin to schedule the update installation on the every week. Value type is integer.
Enables the IT admin to schedule the update installation every week. Value type is integer.
<!-- ScheduledInstallEveryWeek-Description-End -->
<!-- ScheduledInstallEveryWeek-Editable-Begin -->
@ -2985,7 +3058,7 @@ Enables the IT admin to schedule the update installation on the third week of th
<!-- ScheduledInstallTime-Description-Begin -->
<!-- Description-Source-DDF -->
the IT admin to schedule the time of the update installation. The data type is a integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3.
the IT admin to schedule the time of the update installation. The data type is an integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3.
<!-- ScheduledInstallTime-Description-End -->
<!-- ScheduledInstallTime-Editable-Begin -->
@ -3044,7 +3117,7 @@ Enables the IT admin to schedule the update installation on the third week of th
<!-- SetDisablePauseUXAccess-Description-Begin -->
<!-- Description-Source-ADMX -->
This setting allows to remove access to "Pause updates" feature.
This setting allows removing access to "Pause updates" feature.
Once enabled user access to pause updates is removed.
<!-- SetDisablePauseUXAccess-Description-End -->

32
windows/client-management/mdm/policy-ddf-file.md
View File

@ -1,32 +0,0 @@
---
title: Policy DDF file
description: Learn about the OMA DM device description framework (DDF) for the Policy configuration service provider.
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/28/2020
---
# Policy DDF file
This topic shows the OMA DM device description framework (DDF) for the **Policy** configuration service provider. DDF files are used only with OMA DM provisioning XML.
You can view various Policy DDF files by clicking the following links:
- [View the Policy DDF file for Windows 10, version 20H2](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_20H2.xml)
- [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml)
- [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml)
- [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml)
- [View the Policy DDF file for Windows 10, version 1803](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1803 release C](https://download.microsoft.com/download/4/9/6/496534EE-8F0C-4F12-B084-A8502DA22430/PolicyDDF_all_1809C_release.xml)
- [View the Policy DDF file for Windows 10, version 1709](https://download.microsoft.com/download/8/C/4/8C43C116-62CB-470B-9B69-76A3E2BC32A8/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1703](https://download.microsoft.com/download/7/2/C/72C36C37-20F9-41BF-8E23-721F6FFC253E/PolicyDDF_all.xml)
- [View the Policy DDF file for Windows 10, version 1607](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607.xml)
- [View the Policy DDF file for Windows 10, version 1607 release 8C](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml)
You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-ddf.md).

2
windows/client-management/mdm/toc.yml
View File

@ -34,7 +34,7 @@ items:
href: policy-configuration-service-provider.md
items:
- name: Policy CSP DDF file
href: policy-ddf-file.md
href: configuration-service-provider-ddf.md
- name: Policy CSP support scenarios
items:
- name: ADMX policies in Policy CSP

2
windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md
View File

@ -17,8 +17,6 @@ msreviewer: hathind
> [!IMPORTANT]
> Make sure you've [added and verified your admin contacts](../deploy/windows-autopatch-admin-contacts.md). The Windows Autopatch Service Engineering Team will contact these individuals for assistance with remediating issues.
You can submit support tickets to Microsoft using the Windows Autopatch admin center. Email is the recommended approach to interact with the Windows Autopatch Service Engineering Team.
## Submit a new support request
Support requests are triaged and responded to as they're received.

15
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md
View File

@ -1,7 +1,7 @@
---
title: Windows feature updates
description: This article explains how Windows feature updates are managed in Autopatch
ms.date: 02/02/2023
ms.date: 02/07/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -73,6 +73,9 @@ Windows Autopatch provides a permanent pause of a Windows feature update deploym
## Pausing and resuming a release
> [!CAUTION]
> It's only recommended to use Windows Autopatch's end-user experience to pause and resume [Windows quality](../operate/windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release) and [Windows feature updates](#pausing-and-resuming-a-release). If you need assistance with pausing and resuming updates, please [submit a support request](../operate/windows-autopatch-support-request.md).
> [!IMPORTANT]
> Pausing or resuming an update can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its management solution and that's the average frequency devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
@ -88,18 +91,18 @@ Windows Autopatch provides a permanent pause of a Windows feature update deploym
8. If you're resuming an update, you can select one or more deployment rings.
9. Select **Okay**.
If you've paused an update, the specified release will have the **Customer Paused** status. The Windows Autopatch service can't overwrite a customer-initiated pause. You must select **Resume** to resume the update.
If you've paused an update, the specified release will have the **Customer Pause** status. The Windows Autopatch service can't overwrite IT admin's pause. You must select **Resume** to resume the update.
> [!NOTE]
> The **Service Paused** status only applies to [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release). Windows Autopatch doesn't pause Windows feature updates on your behalf.
> The **Service Pause** status only applies to [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release). Windows Autopatch doesn't pause Windows feature updates on your behalf.
## Rollback
Windows Autopatch doesnt support the rollback of Windows Feature updates.
Windows Autopatch doesnt support the rollback of Windows feature updates.
> [!CAUTION]
> Its not recommended to use [Microsoft Intunes capabilities](/mem/intune/protect/windows-10-update-rings#manage-your-windows-update-rings) to pause and rollback a Windows feature update. However, if you choose to pause, resume and/or roll back from Intune, Windows Autopatch is **not** responsible for any problems that arise from rolling back the Windows feature update.
> It's only recommended to use Windows Autopatch's end-user experience to pause and resume [Windows quality](../operate/windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release) and [Windows feature updates](#pausing-and-resuming-a-release). If you need assistance with pausing and resuming updates, please [submit a support request](../operate/windows-autopatch-support-request.md).
## Contact support
If youre experiencing issues related to Windows feature updates, you can [submit a support request](../operate/windows-autopatch-support-request.md). Email is the recommended approach to interact with the Windows Autopatch Service Engineering Team.
If youre experiencing issues related to Windows feature updates, you can [submit a support request](../operate/windows-autopatch-support-request.md).

18
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md
View File

@ -1,7 +1,7 @@
---
title: Windows quality updates
description: This article explains how Windows quality updates are managed in Autopatch
ms.date: 12/15/2022
ms.date: 02/07/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
@ -9,7 +9,7 @@ ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
manager: dougeby
msreviewer: hathind
msreviewer: andredm7
---
# Windows quality updates
@ -89,7 +89,7 @@ By default, the service expedites quality updates as needed. For those organizat
**To turn off service-driven expedited quality updates:**
1. Go to **[Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431)** > **Devices**.
2. Under **Windows Autopatch** > **Release management**, go to the **Release settings** tab and turn off the **Expedited Quality Updates** setting.
2. Under **Windows Autopatch** > **Release management**, go to the **Release settings** tab and turn off the **Expedited quality updates** setting.
> [!NOTE]
> Windows Autopatch doesn't allow customers to request expedited releases.
@ -108,6 +108,11 @@ Windows Autopatch schedules and deploys required Out of Band (OOB) updates relea
### Pausing and resuming a release
> [!CAUTION]
> It's only recommended to use Windows Autopatch's end-user experience to pause and resume [Windows quality](windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release) and [Windows feature updates](#pausing-and-resuming-a-release). If you need assistance with pausing and resuming updates, please [submit a support request](../operate/windows-autopatch-support-request.md).
The service-level pause of updates is driven by the various software update deployment-related signals Windows Autopatch receives from Windows Update for Business, and several other product groups within Microsoft.
If Windows Autopatch detects a [significant issue with a release](../operate/windows-autopatch-windows-quality-update-signals.md), we may decide to pause that release.
> [!IMPORTANT]
@ -125,12 +130,13 @@ If Windows Autopatch detects a [significant issue with a release](../operate/win
8. If you're resuming an update, you can select one or more deployment rings.
9. Select **Okay**.
There are two statuses associated with paused quality updates, **Service Paused** and **Customer Paused**.
The three following statuses are associated with paused quality updates:
| Status | Description |
| ----- | ------ |
| Service Paused | If the Windows Autopatch service has paused an update, the release will have the **Service Paused** status. You must [submit a support request](windows-autopatch-support-request.md) to resume the update. |
| Customer Paused | If you've paused an update, the release will have the **Customer Paused** status. The Windows Autopatch service can't overwrite a customer-initiated pause. You must select **Resume** to resume the update. |
| Service Pause | If the Windows Autopatch service has paused an update, the release will have the **Service Pause** status. You must [submit a support request](../operate/windows-autopatch-support-request.md) to resume the update. |
| Customer Pause | If you've paused an update, the release will have the **Customer Pause** status. The Windows Autopatch service can't overwrite an IT admin's pause. You must select **Resume** to resume the update. |
| Customer & Service Pause | If you and Windows Autopatch have both paused an update, the release will have the **Customer & Service Pause** status. If you resume the update, and the **Service Pause** status still remains, you must [submit a support request](../operate/windows-autopatch-support-request.md) for Windows Autopatch to resume the update deployment on your behalf. |
## Remediating Ineligible and/or Not up to Date devices

2
windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md
View File

@ -14,7 +14,7 @@ msreviewer: hathind
# Submit a tenant enrollment support request
If you need more assistance with tenant enrollment, you can submit support requests to the Windows Autopatch Service Engineering Team in the Windows Autopatch enrollment tool. Email is the recommended approach to interact with the Windows Autopatch Service Engineering Team.
If you need more assistance with tenant enrollment, you can submit support requests to the Windows Autopatch Service Engineering Team in the Windows Autopatch enrollment tool.
> [!NOTE]
> After you've successfully enrolled your tenant, this feature will no longer be accessible. You must [submit a support request through the Tenant administration menu](../operate/windows-autopatch-support-request.md).

4
windows/security/identity-protection/remote-credential-guard.md
View File

@ -128,7 +128,7 @@ You must enable Restricted Admin or Windows Defender Remote Credential Guard on
- Add a new DWORD value named **DisableRestrictedAdmin**.
- To turn on Restricted Admin and Windows Defender Remote Credential Guard, set the value of this registry setting to 0 to turn on Windows Defender Remote Credential Guard.
- To turn on Restricted Admin and Windows Defender Remote Credential Guard, set the value of this registry setting to 0.
3. Close Registry Editor.
@ -189,4 +189,4 @@ mstsc.exe /remoteGuard
- No credentials are sent to the target device, but the target device still acquires Kerberos Service Tickets on its own.
- The server and client must authenticate using Kerberos.
- The server and client must authenticate using Kerberos.